diff -Nru shibboleth-sp2-2.4.3+dfsg/Makefile.am shibboleth-sp2-2.5.2+dfsg/Makefile.am --- shibboleth-sp2-2.4.3+dfsg/Makefile.am 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/Makefile.am 2013-05-23 16:57:05.000000000 +0000 @@ -16,6 +16,7 @@ shibsp \ shibd \ adfs \ + plugins \ util \ apache \ nsapi_shib \ @@ -30,15 +31,11 @@ all-local: endif -dist-hook: - rm -rf `find $(distdir)/isapi_shib -name .svn` - rm -rf `find $(distdir)/doc/api -name .svn` - GENFILES = @PACKAGE_NAME@.spec EXTRA_DIST = $(DX_CONFIG) \ - isapi_shib \ - Shibboleth.sln \ - config_win32.h \ - $(GENFILES) \ - $(GENFILES:%=%.in) + isapi_shib \ + Shibboleth.sln \ + config_win32.h \ + $(GENFILES) \ + $(GENFILES:%=%.in) diff -Nru shibboleth-sp2-2.4.3+dfsg/Makefile.in shibboleth-sp2-2.5.2+dfsg/Makefile.in --- shibboleth-sp2-2.4.3+dfsg/Makefile.in 2011-06-28 01:29:29.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/Makefile.in 2013-06-16 22:06:20.000000000 +0000 @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. +# Makefile.in generated by automake 1.12.6 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -45,6 +44,23 @@ # # This is usually added to MOSTLYCLEANFILES. VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -66,16 +82,21 @@ DIST_COMMON = $(am__configure_deps) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(srcdir)/config.h.in \ $(srcdir)/doxygen.am $(srcdir)/shibboleth.spec.in \ - $(top_srcdir)/configure build-aux/config.guess \ - build-aux/config.sub build-aux/depcomp build-aux/install-sh \ - build-aux/ltmain.sh build-aux/missing + $(top_srcdir)/build-aux/config.guess \ + $(top_srcdir)/build-aux/config.sub \ + $(top_srcdir)/build-aux/install-sh \ + $(top_srcdir)/build-aux/ltmain.sh \ + $(top_srcdir)/build-aux/missing $(top_srcdir)/configure \ + build-aux/config.guess build-aux/config.sub build-aux/depcomp \ + build-aux/install-sh build-aux/ltmain.sh build-aux/missing subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ - $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/doxygen.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/boost.m4 \ + $(top_srcdir)/m4/doxygen.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ @@ -93,20 +114,29 @@ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ - distdir dist dist-all distcheck + cscope distdir dist dist-all distcheck ETAGS = etags CTAGS = ctags +CSCOPE = cscope DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ - { test ! -d "$(distdir)" \ - || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ - && rm -fr "$(distdir)"; }; } + if test -d "$(distdir)"; then \ + find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -rf "$(distdir)" \ + || { sleep 5 && rm -rf "$(distdir)"; }; \ + else :; fi +am__post_remove_distdir = $(am__remove_distdir) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ @@ -134,7 +164,10 @@ reldir="$$dir2" DIST_ARCHIVES = $(distdir).tar.gz GZIP_ENV = --best +DIST_TARGETS = dist-gzip distuninstallcheck_listfiles = find . -type f -print +am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ + | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' distcleancheck_listfiles = find . -type f -print ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -147,6 +180,9 @@ APXS22 = @APXS22@ APXS22_CFLAGS = @APXS22_CFLAGS@ APXS22_INCLUDE = @APXS22_INCLUDE@ +APXS24 = @APXS24@ +APXS24_CFLAGS = @APXS24_CFLAGS@ +APXS24_INCLUDE = @APXS24_INCLUDE@ APXS2_CFLAGS = @APXS2_CFLAGS@ APXS2_INCLUDE = @APXS2_INCLUDE@ APXS_CFLAGS = @APXS_CFLAGS@ @@ -156,6 +192,8 @@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BOOST_CPPFLAGS = @BOOST_CPPFLAGS@ +BOOST_ROOT = @BOOST_ROOT@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ @@ -168,6 +206,7 @@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DISTCHECK_CONFIGURE_FLAGS = @DISTCHECK_CONFIGURE_FLAGS@ DLLTOOL = @DLLTOOL@ DOXYGEN_PAPER_SIZE = @DOXYGEN_PAPER_SIZE@ DSYMUTIL = @DSYMUTIL@ @@ -318,17 +357,17 @@ ACLOCAL_AMFLAGS = -I m4 @DX_COND_doc_TRUE@@DX_COND_html_TRUE@DX_CLEAN_HTML = @DX_DOCDIR@/html @DX_COND_chm_TRUE@@DX_COND_doc_TRUE@DX_CLEAN_CHM = @DX_DOCDIR@/chm -@DX_COND_chi_TRUE@@DX_COND_chm_TRUE@@DX_COND_doc_TRUE@DX_CLEAN_CHI = @DX_DOCDIR@/@PACKAGE@.chi +@DX_COND_chi_TRUE@@DX_COND_chm_TRUE@@DX_COND_doc_TRUE@DX_CLEAN_CHI = @DX_DOCDIR@/@PACKAGE_NAME@.chi @DX_COND_doc_TRUE@@DX_COND_man_TRUE@DX_CLEAN_MAN = @DX_DOCDIR@/man @DX_COND_doc_TRUE@@DX_COND_rtf_TRUE@DX_CLEAN_RTF = @DX_DOCDIR@/rtf @DX_COND_doc_TRUE@@DX_COND_xml_TRUE@DX_CLEAN_XML = @DX_DOCDIR@/xml -@DX_COND_doc_TRUE@@DX_COND_ps_TRUE@DX_CLEAN_PS = @DX_DOCDIR@/@PACKAGE@.ps +@DX_COND_doc_TRUE@@DX_COND_ps_TRUE@DX_CLEAN_PS = @DX_DOCDIR@/@PACKAGE_NAME@.ps @DX_COND_doc_TRUE@@DX_COND_ps_TRUE@DX_PS_GOAL = doxygen-ps -@DX_COND_doc_TRUE@@DX_COND_pdf_TRUE@DX_CLEAN_PDF = @DX_DOCDIR@/@PACKAGE@.pdf +@DX_COND_doc_TRUE@@DX_COND_pdf_TRUE@DX_CLEAN_PDF = @DX_DOCDIR@/@PACKAGE_NAME@.pdf @DX_COND_doc_TRUE@@DX_COND_pdf_TRUE@DX_PDF_GOAL = doxygen-pdf @DX_COND_doc_TRUE@@DX_COND_latex_TRUE@DX_CLEAN_LATEX = @DX_DOCDIR@/latex @DX_COND_doc_TRUE@DX_CLEANFILES = \ -@DX_COND_doc_TRUE@ @DX_DOCDIR@/@PACKAGE@.tag \ +@DX_COND_doc_TRUE@ @DX_DOCDIR@/@PACKAGE_NAME@.tag \ @DX_COND_doc_TRUE@ -r \ @DX_COND_doc_TRUE@ $(DX_CLEAN_HTML) \ @DX_COND_doc_TRUE@ $(DX_CLEAN_CHM) \ @@ -349,6 +388,7 @@ shibsp \ shibd \ adfs \ + plugins \ util \ apache \ nsapi_shib \ @@ -359,17 +399,17 @@ GENFILES = @PACKAGE_NAME@.spec EXTRA_DIST = $(DX_CONFIG) \ - isapi_shib \ - Shibboleth.sln \ - config_win32.h \ - $(GENFILES) \ - $(GENFILES:%=%.in) + isapi_shib \ + Shibboleth.sln \ + config_win32.h \ + $(GENFILES) \ + $(GENFILES:%=%.in) all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive .SUFFIXES: -am--refresh: +am--refresh: Makefile @: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(srcdir)/doxygen.am $(am__configure_deps) @for dep in $?; do \ @@ -394,6 +434,7 @@ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ esac; +$(srcdir)/doxygen.am: $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck @@ -405,10 +446,8 @@ $(am__aclocal_m4_deps): config.h: stamp-h1 - @if test ! -f $@; then \ - rm -f stamp-h1; \ - $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \ - else :; fi + @if test ! -f $@; then rm -f stamp-h1; else :; fi + @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) stamp-h1; else :; fi stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status @rm -f stamp-h1 @@ -433,12 +472,12 @@ -rm -f libtool config.lt # This directory's subdirectories are mostly independent; you can cd -# into them and run `make' without going through this Makefile. -# To change the values of `make' variables: instead of editing Makefiles, -# (1) if the variable is set in `config.status', edit `config.status' -# (which will cause the Makefiles to be regenerated when you run `make'); -# (2) otherwise, pass the desired values on the `make' command line. -$(RECURSIVE_TARGETS): +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(RECURSIVE_TARGETS) $(RECURSIVE_CLEAN_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ @@ -448,7 +487,11 @@ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ @@ -462,37 +505,6 @@ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" - -$(RECURSIVE_CLEAN_TARGETS): - @fail= failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - rev=''; for subdir in $$list; do \ - if test "$$subdir" = "."; then :; else \ - rev="$$subdir $$rev"; \ - fi; \ - done; \ - rev="$$rev ."; \ - target=`echo $@ | sed s/-recursive//`; \ - for subdir in $$rev; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ @@ -501,6 +513,10 @@ list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done +cscopelist-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) cscopelist); \ + done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -564,8 +580,32 @@ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscope: cscope.files + test ! -s cscope.files \ + || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) + +clean-cscope: + -rm -f cscope.files + +cscope.files: clean-cscope cscopelist-recursive cscopelist + +cscopelist: cscopelist-recursive $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + -rm -f cscope.out cscope.in.out cscope.po.out cscope.files distdir: $(DISTFILES) $(am__remove_distdir) @@ -601,13 +641,10 @@ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ - test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ @@ -627,9 +664,6 @@ || exit 1; \ fi; \ done - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$(top_distdir)" distdir="$(distdir)" \ - dist-hook -test -n "$(am__skip_mode_fix)" \ || find "$(distdir)" -type d ! -perm -755 \ -exec chmod u+rwx,go+rx {} \; -o \ @@ -639,36 +673,36 @@ || chmod -R a+r "$(distdir)" dist-gzip: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz - $(am__remove_distdir) + $(am__post_remove_distdir) dist-bzip2: distdir - tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2 - $(am__remove_distdir) + tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 + $(am__post_remove_distdir) -dist-lzma: distdir - tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma - $(am__remove_distdir) +dist-lzip: distdir + tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz + $(am__post_remove_distdir) dist-xz: distdir - tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz - $(am__remove_distdir) + tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz + $(am__post_remove_distdir) dist-tarZ: distdir tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z - $(am__remove_distdir) + $(am__post_remove_distdir) dist-shar: distdir shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz - $(am__remove_distdir) + $(am__post_remove_distdir) dist-zip: distdir -rm -f $(distdir).zip zip -rq $(distdir).zip $(distdir) - $(am__remove_distdir) + $(am__post_remove_distdir) -dist dist-all: distdir - tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz - $(am__remove_distdir) +dist dist-all: + $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' + $(am__post_remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another @@ -679,8 +713,8 @@ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ - *.tar.lzma*) \ - lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\ + *.tar.lz*) \ + lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ *.tar.xz*) \ xz -dc $(distdir).tar.xz | $(am__untar) ;;\ *.tar.Z*) \ @@ -690,9 +724,9 @@ *.zip*) \ unzip $(distdir).zip ;;\ esac - chmod -R a-w $(distdir); chmod a+w $(distdir) - mkdir $(distdir)/_build - mkdir $(distdir)/_inst + chmod -R a-w $(distdir) + chmod u+w $(distdir) + mkdir $(distdir)/_build $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ @@ -700,6 +734,7 @@ && am__cwd=`pwd` \ && $(am__cd) $(distdir)/_build \ && ../configure --srcdir=.. --prefix="$$dc_install_base" \ + $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ @@ -723,13 +758,21 @@ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ && cd "$$am__cwd" \ || exit 1 - $(am__remove_distdir) + $(am__post_remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' distuninstallcheck: - @$(am__cd) '$(distuninstallcheck_dir)' \ - && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \ + @test -n '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: trying to run $@ with an empty' \ + '$$(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + $(am__cd) '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left after uninstall:" ; \ if test -n "$(DESTDIR)"; then \ echo " (check DESTDIR support)"; \ @@ -760,10 +803,15 @@ installcheck: installcheck-recursive install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi mostlyclean-generic: -test -z "$(MOSTLYCLEANFILES)" || rm -f $(MOSTLYCLEANFILES) @@ -847,29 +895,30 @@ uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \ - ctags-recursive install-am install-strip tags-recursive + cscopelist-recursive ctags-recursive install-am install-strip \ + tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am all-local am--refresh check check-am clean \ - clean-generic clean-libtool ctags ctags-recursive dist \ - dist-all dist-bzip2 dist-gzip dist-hook dist-lzma dist-shar \ - dist-tarZ dist-xz dist-zip distcheck distclean \ - distclean-generic distclean-hdr distclean-libtool \ - distclean-tags distcleancheck distdir distuninstallcheck dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs installdirs-am \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-recursive uninstall uninstall-am + clean-cscope clean-generic clean-libtool cscope cscopelist \ + cscopelist-recursive ctags ctags-recursive dist dist-all \ + dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ dist-xz \ + dist-zip distcheck distclean distclean-generic distclean-hdr \ + distclean-libtool distclean-tags distcleancheck distdir \ + distuninstallcheck dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am tags tags-recursive uninstall uninstall-am -@DX_COND_doc_TRUE@@DX_COND_ps_TRUE@doxygen-ps: @DX_DOCDIR@/@PACKAGE@.ps +@DX_COND_doc_TRUE@@DX_COND_ps_TRUE@doxygen-ps: @DX_DOCDIR@/@PACKAGE_NAME@.ps -@DX_COND_doc_TRUE@@DX_COND_ps_TRUE@@DX_DOCDIR@/@PACKAGE@.ps: @DX_DOCDIR@/@PACKAGE@.tag +@DX_COND_doc_TRUE@@DX_COND_ps_TRUE@@DX_DOCDIR@/@PACKAGE_NAME@.ps: @DX_DOCDIR@/@PACKAGE_NAME@.tag @DX_COND_doc_TRUE@@DX_COND_ps_TRUE@ cd @DX_DOCDIR@/latex; \ @DX_COND_doc_TRUE@@DX_COND_ps_TRUE@ rm -f *.aux *.toc *.idx *.ind *.ilg *.log *.out; \ @DX_COND_doc_TRUE@@DX_COND_ps_TRUE@ $(DX_LATEX) refman.tex; \ @@ -882,11 +931,11 @@ @DX_COND_doc_TRUE@@DX_COND_ps_TRUE@ $(DX_LATEX) refman.tex; \ @DX_COND_doc_TRUE@@DX_COND_ps_TRUE@ countdown=`expr $$countdown - 1`; \ @DX_COND_doc_TRUE@@DX_COND_ps_TRUE@ done; \ -@DX_COND_doc_TRUE@@DX_COND_ps_TRUE@ $(DX_DVIPS) -o ../@PACKAGE@.ps refman.dvi +@DX_COND_doc_TRUE@@DX_COND_ps_TRUE@ $(DX_DVIPS) -o ../@PACKAGE_NAME@.ps refman.dvi -@DX_COND_doc_TRUE@@DX_COND_pdf_TRUE@doxygen-pdf: @DX_DOCDIR@/@PACKAGE@.pdf +@DX_COND_doc_TRUE@@DX_COND_pdf_TRUE@doxygen-pdf: @DX_DOCDIR@/@PACKAGE_NAME@.pdf -@DX_COND_doc_TRUE@@DX_COND_pdf_TRUE@@DX_DOCDIR@/@PACKAGE@.pdf: @DX_DOCDIR@/@PACKAGE@.tag +@DX_COND_doc_TRUE@@DX_COND_pdf_TRUE@@DX_DOCDIR@/@PACKAGE_NAME@.pdf: @DX_DOCDIR@/@PACKAGE_NAME@.tag @DX_COND_doc_TRUE@@DX_COND_pdf_TRUE@ cd @DX_DOCDIR@/latex; \ @DX_COND_doc_TRUE@@DX_COND_pdf_TRUE@ rm -f *.aux *.toc *.idx *.ind *.ilg *.log *.out; \ @DX_COND_doc_TRUE@@DX_COND_pdf_TRUE@ $(DX_PDFLATEX) refman.tex; \ @@ -899,27 +948,23 @@ @DX_COND_doc_TRUE@@DX_COND_pdf_TRUE@ $(DX_PDFLATEX) refman.tex; \ @DX_COND_doc_TRUE@@DX_COND_pdf_TRUE@ countdown=`expr $$countdown - 1`; \ @DX_COND_doc_TRUE@@DX_COND_pdf_TRUE@ done; \ -@DX_COND_doc_TRUE@@DX_COND_pdf_TRUE@ mv refman.pdf ../@PACKAGE@.pdf +@DX_COND_doc_TRUE@@DX_COND_pdf_TRUE@ mv refman.pdf ../@PACKAGE_NAME@.pdf @DX_COND_doc_TRUE@.PHONY: doxygen-run doxygen-doc $(DX_PS_GOAL) $(DX_PDF_GOAL) @DX_COND_doc_TRUE@.INTERMEDIATE: doxygen-run $(DX_PS_GOAL) $(DX_PDF_GOAL) -@DX_COND_doc_TRUE@doxygen-run: @DX_DOCDIR@/@PACKAGE@.tag +@DX_COND_doc_TRUE@doxygen-run: @DX_DOCDIR@/@PACKAGE_NAME@.tag @DX_COND_doc_TRUE@doxygen-doc: doxygen-run $(DX_PS_GOAL) $(DX_PDF_GOAL) -@DX_COND_doc_TRUE@@DX_DOCDIR@/@PACKAGE@.tag: $(DX_CONFIG) $(pkginclude_HEADERS) +@DX_COND_doc_TRUE@@DX_DOCDIR@/@PACKAGE_NAME@.tag: $(DX_CONFIG) $(pkginclude_HEADERS) @DX_COND_doc_TRUE@ rm -rf @DX_DOCDIR@ @DX_COND_doc_TRUE@ $(DX_ENV) DX_INCLUDE=$(DX_INCLUDE) $(DX_DOXYGEN) $(srcdir)/$(DX_CONFIG) @DX_COND_doc_TRUE@all-local: doxygen-doc @DX_COND_doc_FALSE@all-local: -dist-hook: - rm -rf `find $(distdir)/isapi_shib -name .svn` - rm -rf `find $(distdir)/doc/api -name .svn` - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -Nru shibboleth-sp2-2.4.3+dfsg/Shibboleth.sln shibboleth-sp2-2.5.2+dfsg/Shibboleth.sln --- shibboleth-sp2-2.4.3+dfsg/Shibboleth.sln 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/Shibboleth.sln 2013-05-23 16:57:05.000000000 +0000 @@ -1,5 +1,5 @@ -Microsoft Visual Studio Solution File, Format Version 11.00 -# Visual Studio 2010 +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 2012 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Server Modules", "Server Modules", "{26BA8F84-6E42-41FA-9B13-5D3F4B5B2050}" EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Extensions", "Extensions", "{96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C}" @@ -7,6 +7,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Utilities", "Utilities", "{FED80230-119E-4B2F-9F53-D2660A5F022B}" ProjectSection(SolutionItems) = preProject util\Makefile.am = util\Makefile.am + util\resource.h = util\resource.h EndProjectSection EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "fastcgi", "fastcgi", "{8E1AF2CF-24E1-4983-8681-394D89DF9AD2}" @@ -36,6 +37,8 @@ configs\apache.config.in = configs\apache.config.in configs\apache2.config.in = configs\apache2.config.in configs\apache22.config.in = configs\apache22.config.in + configs\apache24.config.in = configs\apache24.config.in + configs\attrChecker.html = configs\attrChecker.html configs\attribute-map.xml = configs\attribute-map.xml configs\attribute-policy.xml = configs\attribute-policy.xml configs\bindingTemplate.html = configs\bindingTemplate.html @@ -55,7 +58,8 @@ configs\postTemplate.html = configs\postTemplate.html configs\protocols.xml = configs\protocols.xml configs\security-policy.xml = configs\security-policy.xml - configs\sessionError.html = configs\sessionError.html + configs\SetService32.bat = configs\SetService32.bat + configs\SetService64.bat = configs\SetService64.bat configs\shibboleth2.xml = configs\shibboleth2.xml configs\shibd-debian.in = configs\shibd-debian.in configs\shibd-osx.plist.in = configs\shibd-osx.plist.in @@ -73,6 +77,7 @@ ProjectSection(SolutionItems) = preProject m4\acinclude.m4 = m4\acinclude.m4 m4\acx_pthread.m4 = m4\acx_pthread.m4 + m4\boost.m4 = m4\boost.m4 config_win32.h = config_win32.h configure.ac = configure.ac doxygen.am = doxygen.am @@ -88,7 +93,6 @@ doc\FASTCGI.LICENSE = doc\FASTCGI.LICENSE doc\LICENSE.txt = doc\LICENSE.txt doc\LOG4CPP.LICENSE = doc\LOG4CPP.LICENSE - doc\logo.jpg = doc\logo.jpg doc\main.css = doc\main.css doc\Makefile.am = doc\Makefile.am doc\NOTICE.txt = doc\NOTICE.txt @@ -129,6 +133,46 @@ EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "memcache-store", "memcache-store\memcache-store.vcxproj", "{666A63A7-983F-4C19-8411-207F24305198}" EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "plugins", "plugins\plugins.vcxproj", "{A2140D6E-C2C6-4329-84E3-2F530CEBE445}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mod_shib_24", "apache\mod_shib24.vcxproj", "{B44C0852-83B8-4FB2-A86E-097C9C8256D1}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "plugins-lite", "plugins\plugins-lite.vcxproj", "{A2140D6E-C2C6-4329-84E3-2F530CEBE442}" + ProjectSection(ProjectDependencies) = postProject + {81F0F7A6-DC36-46EF-957F-F9E81D4403F7} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F7} + EndProjectSection +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Installers", "Installers", "{BF389E01-8F97-4ECA-8C62-2DBB8F0480DD}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MergeModules", "msi\WiX\MergeModules\MergeModules.vcxproj", "{EFF65B5B-85AB-4FD5-A217-7E6CA4219951}" + ProjectSection(ProjectDependencies) = postProject + {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Installer", "msi\WiX\Installer.vcxproj", "{C2B1BB79-C88B-42B4-9AEC-170F91910F70}" + ProjectSection(ProjectDependencies) = postProject + {1396D80A-8672-4224-9B02-95F3F4207CDB} = {1396D80A-8672-4224-9B02-95F3F4207CDB} + {D243B43E-728E-4F32-BDFF-B3A897037C6D} = {D243B43E-728E-4F32-BDFF-B3A897037C6D} + {87C25D4E-8D19-4513-B0BA-BC668BC2DEE3} = {87C25D4E-8D19-4513-B0BA-BC668BC2DEE3} + {B44C0852-83B8-4FB2-A86E-097C9C8256D0} = {B44C0852-83B8-4FB2-A86E-097C9C8256D0} + {B44C0852-83B8-4FB2-A86E-097C9C8256D1} = {B44C0852-83B8-4FB2-A86E-097C9C8256D1} + {EFF65B5B-85AB-4FD5-A217-7E6CA4219951} = {EFF65B5B-85AB-4FD5-A217-7E6CA4219951} + {A2140D6E-C2C6-4329-84E3-2F530CEBE442} = {A2140D6E-C2C6-4329-84E3-2F530CEBE442} + {A2140D6E-C2C6-4329-84E3-2F530CEBE445} = {A2140D6E-C2C6-4329-84E3-2F530CEBE445} + {68E9568B-476C-4289-B93C-893432378ADC} = {68E9568B-476C-4289-B93C-893432378ADC} + {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} + {81F0F7A6-DC36-46EF-957F-F9E81D4403F7} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F7} + {666A63A7-983F-4C19-8411-207F24305197} = {666A63A7-983F-4C19-8411-207F24305197} + {666A63A7-983F-4C19-8411-207F24305198} = {666A63A7-983F-4C19-8411-207F24305198} + {F13141B5-6C87-40BB-8D4E-5CC56EBB4C59} = {F13141B5-6C87-40BB-8D4E-5CC56EBB4C59} + {F13141B6-6C87-40BB-8D4E-5CC56EBB4C59} = {F13141B6-6C87-40BB-8D4E-5CC56EBB4C59} + {F13141B6-6C87-40BB-8D4E-5CC56EBB4C5A} = {F13141B6-6C87-40BB-8D4E-5CC56EBB4C5A} + {26D4FABF-ACDE-4947-9C4A-7AE1B50CD83A} = {26D4FABF-ACDE-4947-9C4A-7AE1B50CD83A} + {26D4FABF-ACDE-4947-9C4A-7AE1B50CD83B} = {26D4FABF-ACDE-4947-9C4A-7AE1B50CD83B} + {B2423DCE-048D-4BAA-9AB9-F5D1FCDD3D25} = {B2423DCE-048D-4BAA-9AB9-F5D1FCDD3D25} + {8CF7DDFA-EAA0-416E-853E-3DCB210C4AE0} = {8CF7DDFA-EAA0-416E-853E-3DCB210C4AE0} + EndProjectSection +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Win32 = Debug|Win32 @@ -252,11 +296,49 @@ {B2423DCE-048D-4BAA-9AB9-F5D1FCDD3D25}.Release|x64.ActiveCfg = Release|x64 {B2423DCE-048D-4BAA-9AB9-F5D1FCDD3D25}.Release|x64.Build.0 = Release|x64 {666A63A7-983F-4C19-8411-207F24305198}.Debug|Win32.ActiveCfg = Debug|Win32 - {666A63A7-983F-4C19-8411-207F24305198}.Debug|Win32.Build.0 = Debug|Win32 {666A63A7-983F-4C19-8411-207F24305198}.Debug|x64.ActiveCfg = Debug|x64 {666A63A7-983F-4C19-8411-207F24305198}.Release|Win32.ActiveCfg = Release|Win32 - {666A63A7-983F-4C19-8411-207F24305198}.Release|Win32.Build.0 = Release|Win32 {666A63A7-983F-4C19-8411-207F24305198}.Release|x64.ActiveCfg = Release|x64 + {A2140D6E-C2C6-4329-84E3-2F530CEBE445}.Debug|Win32.ActiveCfg = Debug|Win32 + {A2140D6E-C2C6-4329-84E3-2F530CEBE445}.Debug|Win32.Build.0 = Debug|Win32 + {A2140D6E-C2C6-4329-84E3-2F530CEBE445}.Debug|x64.ActiveCfg = Debug|x64 + {A2140D6E-C2C6-4329-84E3-2F530CEBE445}.Debug|x64.Build.0 = Debug|x64 + {A2140D6E-C2C6-4329-84E3-2F530CEBE445}.Release|Win32.ActiveCfg = Release|Win32 + {A2140D6E-C2C6-4329-84E3-2F530CEBE445}.Release|Win32.Build.0 = Release|Win32 + {A2140D6E-C2C6-4329-84E3-2F530CEBE445}.Release|x64.ActiveCfg = Release|x64 + {A2140D6E-C2C6-4329-84E3-2F530CEBE445}.Release|x64.Build.0 = Release|x64 + {B44C0852-83B8-4FB2-A86E-097C9C8256D1}.Debug|Win32.ActiveCfg = Debug|Win32 + {B44C0852-83B8-4FB2-A86E-097C9C8256D1}.Debug|Win32.Build.0 = Debug|Win32 + {B44C0852-83B8-4FB2-A86E-097C9C8256D1}.Debug|x64.ActiveCfg = Debug|x64 + {B44C0852-83B8-4FB2-A86E-097C9C8256D1}.Debug|x64.Build.0 = Debug|x64 + {B44C0852-83B8-4FB2-A86E-097C9C8256D1}.Release|Win32.ActiveCfg = Release|Win32 + {B44C0852-83B8-4FB2-A86E-097C9C8256D1}.Release|Win32.Build.0 = Release|Win32 + {B44C0852-83B8-4FB2-A86E-097C9C8256D1}.Release|x64.ActiveCfg = Release|x64 + {B44C0852-83B8-4FB2-A86E-097C9C8256D1}.Release|x64.Build.0 = Release|x64 + {A2140D6E-C2C6-4329-84E3-2F530CEBE442}.Debug|Win32.ActiveCfg = Debug|Win32 + {A2140D6E-C2C6-4329-84E3-2F530CEBE442}.Debug|Win32.Build.0 = Debug|Win32 + {A2140D6E-C2C6-4329-84E3-2F530CEBE442}.Debug|x64.ActiveCfg = Debug|x64 + {A2140D6E-C2C6-4329-84E3-2F530CEBE442}.Debug|x64.Build.0 = Debug|x64 + {A2140D6E-C2C6-4329-84E3-2F530CEBE442}.Release|Win32.ActiveCfg = Release|Win32 + {A2140D6E-C2C6-4329-84E3-2F530CEBE442}.Release|Win32.Build.0 = Release|Win32 + {A2140D6E-C2C6-4329-84E3-2F530CEBE442}.Release|x64.ActiveCfg = Release|x64 + {A2140D6E-C2C6-4329-84E3-2F530CEBE442}.Release|x64.Build.0 = Release|x64 + {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Debug|Win32.ActiveCfg = Debug|Win32 + {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Debug|Win32.Build.0 = Debug|Win32 + {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Debug|x64.ActiveCfg = Debug|x64 + {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Debug|x64.Build.0 = Debug|x64 + {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Release|Win32.ActiveCfg = Release|Win32 + {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Release|Win32.Build.0 = Release|Win32 + {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Release|x64.ActiveCfg = Release|x64 + {EFF65B5B-85AB-4FD5-A217-7E6CA4219951}.Release|x64.Build.0 = Release|x64 + {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Debug|Win32.ActiveCfg = Debug|Win32 + {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Debug|Win32.Build.0 = Debug|Win32 + {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Debug|x64.ActiveCfg = Debug|x64 + {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Debug|x64.Build.0 = Debug|x64 + {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Release|Win32.ActiveCfg = Release|Win32 + {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Release|Win32.Build.0 = Release|Win32 + {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Release|x64.ActiveCfg = Release|x64 + {C2B1BB79-C88B-42B4-9AEC-170F91910F70}.Release|x64.Build.0 = Release|x64 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE @@ -268,13 +350,18 @@ {68E9568B-476C-4289-B93C-893432378ADC} = {26BA8F84-6E42-41FA-9B13-5D3F4B5B2050} {1396D80A-8672-4224-9B02-95F3F4207CDB} = {26BA8F84-6E42-41FA-9B13-5D3F4B5B2050} {B44C0852-83B8-4FB2-A86E-097C9C8256D0} = {26BA8F84-6E42-41FA-9B13-5D3F4B5B2050} + {B44C0852-83B8-4FB2-A86E-097C9C8256D1} = {26BA8F84-6E42-41FA-9B13-5D3F4B5B2050} {666A63A7-983F-4C19-8411-207F24305197} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C} {26D4FABF-ACDE-4947-9C4A-7AE1B50CD83A} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C} {26D4FABF-ACDE-4947-9C4A-7AE1B50CD83B} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C} {666A63A7-983F-4C19-8411-207F24305198} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C} + {A2140D6E-C2C6-4329-84E3-2F530CEBE445} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C} + {A2140D6E-C2C6-4329-84E3-2F530CEBE442} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C} {F13141B6-6C87-40BB-8D4E-5CC56EBB4C5A} = {FED80230-119E-4B2F-9F53-D2660A5F022B} {F13141B6-6C87-40BB-8D4E-5CC56EBB4C59} = {FED80230-119E-4B2F-9F53-D2660A5F022B} {8CF7DDFA-EAA0-416E-853E-3DCB210C4AE0} = {8E1AF2CF-24E1-4983-8681-394D89DF9AD2} {B2423DCE-048D-4BAA-9AB9-F5D1FCDD3D25} = {8E1AF2CF-24E1-4983-8681-394D89DF9AD2} + {EFF65B5B-85AB-4FD5-A217-7E6CA4219951} = {BF389E01-8F97-4ECA-8C62-2DBB8F0480DD} + {C2B1BB79-C88B-42B4-9AEC-170F91910F70} = {BF389E01-8F97-4ECA-8C62-2DBB8F0480DD} EndGlobalSection EndGlobal diff -Nru shibboleth-sp2-2.4.3+dfsg/aclocal.m4 shibboleth-sp2-2.5.2+dfsg/aclocal.m4 --- shibboleth-sp2-2.4.3+dfsg/aclocal.m4 2011-06-28 01:29:22.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/aclocal.m4 2013-06-16 22:06:17.000000000 +0000 @@ -1,7 +1,7 @@ -# generated automatically by aclocal 1.11.1 -*- Autoconf -*- +# generated automatically by aclocal 1.12.6 -*- Autoconf -*- + +# Copyright (C) 1996-2012 Free Software Foundation, Inc. -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -13,13 +13,13 @@ m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl -m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.68],, -[m4_warning([this file was generated for autoconf 2.68. +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],, +[m4_warning([this file was generated for autoconf 2.69. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. -To do so, use the procedure documented by the package, typically `autoreconf'.])]) +To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# Copyright (C) 2002-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -31,10 +31,10 @@ # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.11' +[am__api_version='1.12' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.11.1], [], +m4_if([$1], [1.12.6], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -50,22 +50,22 @@ # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.11.1])dnl +[AM_AUTOMAKE_VERSION([1.12.6])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. +# Copyright (C) 2001-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets -# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to -# `$srcdir', `$srcdir/..', or `$srcdir/../..'. +# $ac_aux_dir to '$srcdir/foo'. In other projects, it is set to +# '$srcdir', '$srcdir/..', or '$srcdir/../..'. # # Of course, Automake must honor this variable whenever it calls a # tool from the auxiliary directory. The problem is that $srcdir (and @@ -84,7 +84,7 @@ # # The reason of the latter failure is that $top_srcdir and $ac_aux_dir # are both prefixed by $srcdir. In an in-source build this is usually -# harmless because $srcdir is `.', but things will broke when you +# harmless because $srcdir is '.', but things will broke when you # start a VPATH build or use an absolute $srcdir. # # So we could use something similar to $top_srcdir/$ac_aux_dir/missing, @@ -110,22 +110,19 @@ # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008 -# Free Software Foundation, Inc. +# Copyright (C) 1997-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 9 - # AM_CONDITIONAL(NAME, SHELL-CONDITION) # ------------------------------------- # Define a conditional. AC_DEFUN([AM_CONDITIONAL], -[AC_PREREQ(2.52)dnl - ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], - [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl +[AC_PREREQ([2.52])dnl + m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], + [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl AC_SUBST([$1_TRUE])dnl AC_SUBST([$1_FALSE])dnl _AM_SUBST_NOTMAKE([$1_TRUE])dnl @@ -144,16 +141,14 @@ Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009 -# Free Software Foundation, Inc. +# Copyright (C) 1999-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 10 -# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be +# There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be # written in clear, in which case automake, when reading aclocal.m4, # will think it sees a *use*, and therefore will trigger all it's # C support machinery. Also note that it means that autoscan, seeing @@ -163,7 +158,7 @@ # _AM_DEPENDENCIES(NAME) # ---------------------- # See how the compiler implements dependency checking. -# NAME is "CC", "CXX", "GCJ", or "OBJC". +# NAME is "CC", "CXX", "OBJC", "OBJCXX", "UPC", or "GJC". # We try a few techniques and use that to set a single cache variable. # # We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was @@ -176,12 +171,13 @@ AC_REQUIRE([AM_MAKE_INCLUDE])dnl AC_REQUIRE([AM_DEP_TRACK])dnl -ifelse([$1], CC, [depcc="$CC" am_compiler_list=], - [$1], CXX, [depcc="$CXX" am_compiler_list=], - [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'], - [$1], UPC, [depcc="$UPC" am_compiler_list=], - [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'], - [depcc="$$1" am_compiler_list=]) +m4_if([$1], [CC], [depcc="$CC" am_compiler_list=], + [$1], [CXX], [depcc="$CXX" am_compiler_list=], + [$1], [OBJC], [depcc="$OBJC" am_compiler_list='gcc3 gcc'], + [$1], [OBJCXX], [depcc="$OBJCXX" am_compiler_list='gcc3 gcc'], + [$1], [UPC], [depcc="$UPC" am_compiler_list=], + [$1], [GCJ], [depcc="$GCJ" am_compiler_list='gcc3 gcc'], + [depcc="$$1" am_compiler_list=]) AC_CACHE_CHECK([dependency style of $depcc], [am_cv_$1_dependencies_compiler_type], @@ -189,8 +185,9 @@ # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up - # making a dummy file named `D' -- because `-MD' means `put the output - # in D'. + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". + rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. @@ -229,16 +226,16 @@ : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c - # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with - # Solaris 8's {/usr,}/bin/sh. - touch sub/conftst$i.h + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf - # We check with `-c' and `-o' for the sake of the "dashmstdout" + # We check with '-c' and '-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly - # handle `-M -o', and we need to detect this. Also, some Intel - # versions had trouble with output in subdirs + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in @@ -247,16 +244,16 @@ test "$am__universal" = false || continue ;; nosideeffect) - # after this tag, mechanisms are not by side-effect, so they'll - # only be used when explicitly requested + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; - msvisualcpp | msvcmsys) - # This compiler won't grok `-c -o', but also, the minuso test has + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok '-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} @@ -304,7 +301,7 @@ # AM_SET_DEPDIR # ------------- # Choose a directory name for dependency files. -# This macro is AC_REQUIREd in _AM_DEPENDENCIES +# This macro is AC_REQUIREd in _AM_DEPENDENCIES. AC_DEFUN([AM_SET_DEPDIR], [AC_REQUIRE([AM_SET_LEADING_DOT])dnl AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl @@ -314,28 +311,33 @@ # AM_DEP_TRACK # ------------ AC_DEFUN([AM_DEP_TRACK], -[AC_ARG_ENABLE(dependency-tracking, -[ --disable-dependency-tracking speeds up one-time build - --enable-dependency-tracking do not reject slow dependency extractors]) +[AC_ARG_ENABLE([dependency-tracking], [dnl +AS_HELP_STRING( + [--enable-dependency-tracking], + [do not reject slow dependency extractors]) +AS_HELP_STRING( + [--disable-dependency-tracking], + [speeds up one-time build])]) if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' + am__nodep='_no' fi AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) AC_SUBST([AMDEPBACKSLASH])dnl _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl +AC_SUBST([am__nodep])dnl +_AM_SUBST_NOTMAKE([am__nodep])dnl ]) # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008 -# Free Software Foundation, Inc. +# Copyright (C) 1999-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -#serial 5 # _AM_OUTPUT_DEPENDENCY_COMMANDS # ------------------------------ @@ -354,7 +356,7 @@ # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named `Makefile.in', but + # We used to match only the files named 'Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. @@ -366,21 +368,19 @@ continue fi # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running `make'. + # from the Makefile without running 'make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` - # When using ansi2knr, U may be empty or an underscore; expand it - U=`sed -n 's/^U = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`AS_DIRNAME(["$file"])` @@ -398,7 +398,7 @@ # This macro should only be invoked once -- use via AC_REQUIRE. # # This code is only required when automatic dependency tracking -# is enabled. FIXME. This creates each `.P' file that we will +# is enabled. FIXME. This creates each '.P' file that we will # need in order to bootstrap the dependency handling code. AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles], @@ -408,15 +408,12 @@ # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006, 2008, 2009 Free Software Foundation, Inc. +# Copyright (C) 1996-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 16 - # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. @@ -461,31 +458,41 @@ # Define the identity of the package. dnl Distinguish between old-style and new-style calls. m4_ifval([$2], -[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl +[AC_DIAGNOSE([obsolete], +[$0: two- and three-arguments forms are deprecated. For more info, see: +http://www.gnu.org/software/automake/manual/automake.html#Modernize-AM_INIT_AUTOMAKE-invocation]) +m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl AC_SUBST([PACKAGE], [$1])dnl AC_SUBST([VERSION], [$2])], [_AM_SET_OPTIONS([$1])dnl dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. -m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,, +m4_if( + m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]), + [ok:ok],, [m4_fatal([AC_INIT should be called with package and version arguments])])dnl AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl _AM_IF_OPTION([no-define],, -[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) - AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl +[AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package]) + AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl # Some tools Automake needs. AC_REQUIRE([AM_SANITY_CHECK])dnl AC_REQUIRE([AC_ARG_PROGRAM])dnl -AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}) -AM_MISSING_PROG(AUTOCONF, autoconf) -AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) -AM_MISSING_PROG(AUTOHEADER, autoheader) -AM_MISSING_PROG(MAKEINFO, makeinfo) +AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}]) +AM_MISSING_PROG([AUTOCONF], [autoconf]) +AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}]) +AM_MISSING_PROG([AUTOHEADER], [autoheader]) +AM_MISSING_PROG([MAKEINFO], [makeinfo]) AC_REQUIRE([AM_PROG_INSTALL_SH])dnl AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl -AC_REQUIRE([AM_PROG_MKDIR_P])dnl +AC_REQUIRE([AC_PROG_MKDIR_P])dnl +# For better backward compatibility. To be removed once Automake 1.9.x +# dies out for good. For more background, see: +# +# +AC_SUBST([mkdir_p], ['$(MKDIR_P)']) # We need awk for the "check" target. The system "awk" is bad on # some platforms. AC_REQUIRE([AC_PROG_AWK])dnl @@ -496,28 +503,35 @@ [_AM_PROG_TAR([v7])])]) _AM_IF_OPTION([no-dependencies],, [AC_PROVIDE_IFELSE([AC_PROG_CC], - [_AM_DEPENDENCIES(CC)], - [define([AC_PROG_CC], - defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl + [_AM_DEPENDENCIES([CC])], + [m4_define([AC_PROG_CC], + m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl AC_PROVIDE_IFELSE([AC_PROG_CXX], - [_AM_DEPENDENCIES(CXX)], - [define([AC_PROG_CXX], - defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl + [_AM_DEPENDENCIES([CXX])], + [m4_define([AC_PROG_CXX], + m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJC], - [_AM_DEPENDENCIES(OBJC)], - [define([AC_PROG_OBJC], - defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl + [_AM_DEPENDENCIES([OBJC])], + [m4_define([AC_PROG_OBJC], + m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl +dnl Support for Objective C++ was only introduced in Autoconf 2.65, +dnl but we still cater to Autoconf 2.62. +m4_ifdef([AC_PROG_OBJCXX], +[AC_PROVIDE_IFELSE([AC_PROG_OBJCXX], + [_AM_DEPENDENCIES([OBJCXX])], + [m4_define([AC_PROG_OBJCXX], + m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])])dnl ]) _AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl -dnl The `parallel-tests' driver may need to know about EXEEXT, so add the -dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro +dnl The 'parallel-tests' driver may need to know about EXEEXT, so add the +dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro dnl is hooked onto _AC_COMPILER_EXEEXT early, see below. AC_CONFIG_COMMANDS_PRE(dnl [m4_provide_if([_AM_COMPILER_EXEEXT], [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl ]) -dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not +dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further dnl mangled by Autoconf and run in a shell conditional statement. m4_define([_AC_COMPILER_EXEEXT], @@ -545,7 +559,7 @@ done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001, 2003, 2005, 2008 Free Software Foundation, Inc. +# Copyright (C) 2001-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -564,16 +578,14 @@ install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi -AC_SUBST(install_sh)]) +AC_SUBST([install_sh])]) -# Copyright (C) 2003, 2005 Free Software Foundation, Inc. +# Copyright (C) 2003-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 2 - # Check whether the underlying file-system supports filenames # with a leading dot. For instance MS-DOS doesn't. AC_DEFUN([AM_SET_LEADING_DOT], @@ -589,14 +601,12 @@ # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc. +# Copyright (C) 2001-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 4 - # AM_MAKE_INCLUDE() # ----------------- # Check to see how make treats includes. @@ -614,7 +624,7 @@ _am_result=none # First try GNU make style include. echo "include confinc" > confmf -# Ignore all kinds of additional output from `make'. +# Ignore all kinds of additional output from 'make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include @@ -641,15 +651,12 @@ # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008 -# Free Software Foundation, Inc. +# Copyright (C) 1997-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 6 - # AM_MISSING_PROG(NAME, PROGRAM) # ------------------------------ AC_DEFUN([AM_MISSING_PROG], @@ -657,7 +664,6 @@ $1=${$1-"${am_missing_run}$2"} AC_SUBST($1)]) - # AM_MISSING_HAS_RUN # ------------------ # Define MISSING if not defined so far and test if it supports --run. @@ -678,59 +684,31 @@ am_missing_run="$MISSING --run " else am_missing_run= - AC_MSG_WARN([`missing' script is too old or missing]) + AC_MSG_WARN(['missing' script is too old or missing]) fi ]) -# Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# AM_PROG_MKDIR_P -# --------------- -# Check for `mkdir -p'. -AC_DEFUN([AM_PROG_MKDIR_P], -[AC_PREREQ([2.60])dnl -AC_REQUIRE([AC_PROG_MKDIR_P])dnl -dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P, -dnl while keeping a definition of mkdir_p for backward compatibility. -dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile. -dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of -dnl Makefile.ins that do not define MKDIR_P, so we do our own -dnl adjustment using top_builddir (which is defined more often than -dnl MKDIR_P). -AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl -case $mkdir_p in - [[\\/$]]* | ?:[[\\/]]*) ;; - */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; -esac -]) - # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001, 2002, 2003, 2005, 2008 Free Software Foundation, Inc. +# Copyright (C) 2001-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 4 - # _AM_MANGLE_OPTION(NAME) # ----------------------- AC_DEFUN([_AM_MANGLE_OPTION], [[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) # _AM_SET_OPTION(NAME) -# ------------------------------ +# -------------------- # Set option NAME. Presently that only means defining a flag for this option. AC_DEFUN([_AM_SET_OPTION], -[m4_define(_AM_MANGLE_OPTION([$1]), 1)]) +[m4_define(_AM_MANGLE_OPTION([$1]), [1])]) # _AM_SET_OPTIONS(OPTIONS) -# ---------------------------------- +# ------------------------ # OPTIONS is a space-separated list of Automake options. AC_DEFUN([_AM_SET_OPTIONS], [m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) @@ -743,22 +721,16 @@ # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008 -# Free Software Foundation, Inc. +# Copyright (C) 1996-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 5 - # AM_SANITY_CHECK # --------------- AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane]) -# Just in case -sleep 1 -echo timestamp > conftest.file # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' @@ -769,32 +741,40 @@ esac case $srcdir in *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) - AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);; + AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);; esac -# Do `set' in a subshell so we don't clobber the current shell's +# Do 'set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( - set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` - if test "$[*]" = "X"; then - # -L didn't work. - set X `ls -t "$srcdir/configure" conftest.file` - fi - rm -f conftest.file - if test "$[*]" != "X $srcdir/configure conftest.file" \ - && test "$[*]" != "X conftest.file $srcdir/configure"; then - - # If neither matched, then we have a broken ls. This can happen - # if, for instance, CONFIG_SHELL is bash and it inherits a - # broken ls alias from the environment. This has actually - # happened. Such a system could not be considered "sane". - AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken -alias in your environment]) - fi - + am_has_slept=no + for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$[*]" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + if test "$[*]" != "X $srcdir/configure conftest.file" \ + && test "$[*]" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken + alias in your environment]) + fi + if test "$[2]" = conftest.file || test $am_try -eq 2; then + break + fi + # Just in case. + sleep 1 + am_has_slept=yes + done test "$[2]" = conftest.file ) then @@ -804,9 +784,25 @@ AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock]) fi -AC_MSG_RESULT(yes)]) +AC_MSG_RESULT([yes]) +# If we didn't sleep, we still need to ensure time stamps of config.status and +# generated files are strictly newer. +am_sleep_pid= +if grep 'slept: no' conftest.file >/dev/null 2>&1; then + ( sleep 1 ) & + am_sleep_pid=$! +fi +AC_CONFIG_COMMANDS_PRE( + [AC_MSG_CHECKING([that generated files are newer than configure]) + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi + AC_MSG_RESULT([done])]) +rm -f conftest.file +]) -# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. +# Copyright (C) 2001-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -814,34 +810,32 @@ # AM_PROG_INSTALL_STRIP # --------------------- -# One issue with vendor `install' (even GNU) is that you can't +# One issue with vendor 'install' (even GNU) is that you can't # specify the program used to strip binaries. This is especially # annoying in cross-compiling environments, where the build's strip # is unlikely to handle the host's binaries. # Fortunately install-sh will honor a STRIPPROG variable, so we -# always use install-sh in `make install-strip', and initialize +# always use install-sh in "make install-strip", and initialize # STRIPPROG with the value of the STRIP variable (set by the user). AC_DEFUN([AM_PROG_INSTALL_STRIP], [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl -# Installed binaries are usually stripped using `strip' when the user -# run `make install-strip'. However `strip' might not be the right +# Installed binaries are usually stripped using 'strip' when the user +# run "make install-strip". However 'strip' might not be the right # tool to use in cross-compilation environments, therefore Automake -# will honor the `STRIP' environment variable to overrule this program. -dnl Don't test for $cross_compiling = yes, because it might be `maybe'. +# will honor the 'STRIP' environment variable to overrule this program. +dnl Don't test for $cross_compiling = yes, because it might be 'maybe'. if test "$cross_compiling" != no; then AC_CHECK_TOOL([STRIP], [strip], :) fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006, 2008 Free Software Foundation, Inc. +# Copyright (C) 2006-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 2 - # _AM_SUBST_NOTMAKE(VARIABLE) # --------------------------- # Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. @@ -849,24 +843,22 @@ AC_DEFUN([_AM_SUBST_NOTMAKE]) # AM_SUBST_NOTMAKE(VARIABLE) -# --------------------------- +# -------------------------- # Public sister of _AM_SUBST_NOTMAKE. AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004, 2005 Free Software Foundation, Inc. +# Copyright (C) 2004-2012 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 2 - # _AM_PROG_TAR(FORMAT) # -------------------- # Check how to create a tarball in format FORMAT. -# FORMAT should be one of `v7', `ustar', or `pax'. +# FORMAT should be one of 'v7', 'ustar', or 'pax'. # # Substitute a variable $(am__tar) that is a command # writing to stdout a FORMAT-tarball containing the directory @@ -877,10 +869,11 @@ # a tarball read from stdin. # $(am__untar) < result.tar AC_DEFUN([_AM_PROG_TAR], -[# Always define AMTAR for backward compatibility. -AM_MISSING_PROG([AMTAR], [tar]) +[# Always define AMTAR for backward compatibility. Yes, it's still used +# in the wild :-( We should find a proper way to deprecate it ... +AC_SUBST([AMTAR], ['$${TAR-tar}']) m4_if([$1], [v7], - [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'], + [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], [m4_case([$1], [ustar],, [pax],, [m4_fatal([Unknown tar format])]) AC_MSG_CHECKING([how to create a $1 tar archive]) @@ -888,7 +881,7 @@ _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' _am_tools=${am_cv_prog_tar_$1-$_am_tools} # Do not fold the above two line into one, because Tru64 sh and -# Solaris sh will not grok spaces in the rhs of `-'. +# Solaris sh will not grok spaces in the rhs of '-'. for _am_tool in $_am_tools do case $_am_tool in @@ -951,6 +944,7 @@ m4_include([m4/acinclude.m4]) m4_include([m4/acx_pthread.m4]) +m4_include([m4/boost.m4]) m4_include([m4/doxygen.m4]) m4_include([m4/libtool.m4]) m4_include([m4/ltoptions.m4]) diff -Nru shibboleth-sp2-2.4.3+dfsg/adfs/Makefile.am shibboleth-sp2-2.5.2+dfsg/adfs/Makefile.am --- shibboleth-sp2-2.4.3+dfsg/adfs/Makefile.am 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/adfs/Makefile.am 2012-07-23 20:08:29.000000000 +0000 @@ -1,6 +1,6 @@ AUTOMAKE_OPTIONS = foreign -plugindir = $(libdir)/@PACKAGE@ +plugindir = $(libdir)/@PACKAGE_NAME@ plugin_LTLIBRARIES = adfs.la adfs-lite.la adfs_la_LIBADD = $(XMLSEC_LIBS) \ @@ -19,7 +19,7 @@ adfs_lite_la_LDFLAGS = -module -avoid-version adfs_lite_la_CPPFLAGS = -DSHIBSP_LITE -install-exec-hook: +install-data-hook: for la in $(plugin_LTLIBRARIES) ; do rm -f $(DESTDIR)$(plugindir)/$$la ; done EXTRA_DIST = adfs.vcxproj adfs-lite.vcxproj resource.h adfs.rc diff -Nru shibboleth-sp2-2.4.3+dfsg/adfs/Makefile.in shibboleth-sp2-2.5.2+dfsg/adfs/Makefile.in --- shibboleth-sp2-2.4.3+dfsg/adfs/Makefile.in 2011-06-28 01:29:27.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/adfs/Makefile.in 2013-06-16 22:06:20.000000000 +0000 @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. +# Makefile.in generated by automake 1.12.6 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,6 +15,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -35,13 +51,15 @@ build_triplet = @build@ host_triplet = @host@ subdir = adfs -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ - $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/doxygen.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/boost.m4 \ + $(top_srcdir)/m4/doxygen.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -70,6 +88,12 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(plugin_LTLIBRARIES) am__DEPENDENCIES_1 = @@ -102,6 +126,11 @@ $(LDFLAGS) -o $@ SOURCES = $(adfs_lite_la_SOURCES) $(adfs_la_SOURCES) DIST_SOURCES = $(adfs_lite_la_SOURCES) $(adfs_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -116,6 +145,9 @@ APXS22 = @APXS22@ APXS22_CFLAGS = @APXS22_CFLAGS@ APXS22_INCLUDE = @APXS22_INCLUDE@ +APXS24 = @APXS24@ +APXS24_CFLAGS = @APXS24_CFLAGS@ +APXS24_INCLUDE = @APXS24_INCLUDE@ APXS2_CFLAGS = @APXS2_CFLAGS@ APXS2_INCLUDE = @APXS2_INCLUDE@ APXS_CFLAGS = @APXS_CFLAGS@ @@ -125,6 +157,8 @@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BOOST_CPPFLAGS = @BOOST_CPPFLAGS@ +BOOST_ROOT = @BOOST_ROOT@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ @@ -137,6 +171,7 @@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DISTCHECK_CONFIGURE_FLAGS = @DISTCHECK_CONFIGURE_FLAGS@ DLLTOOL = @DLLTOOL@ DOXYGEN_PAPER_SIZE = @DOXYGEN_PAPER_SIZE@ DSYMUTIL = @DSYMUTIL@ @@ -284,7 +319,7 @@ top_srcdir = @top_srcdir@ xs = @xs@ AUTOMAKE_OPTIONS = foreign -plugindir = $(libdir)/@PACKAGE@ +plugindir = $(libdir)/@PACKAGE_NAME@ plugin_LTLIBRARIES = adfs.la adfs-lite.la adfs_la_LIBADD = $(XMLSEC_LIBS) \ $(top_builddir)/shibsp/libshibsp.la @@ -338,7 +373,6 @@ $(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -346,6 +380,8 @@ else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } @@ -361,15 +397,17 @@ clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -adfs-lite.la: $(adfs_lite_la_OBJECTS) $(adfs_lite_la_DEPENDENCIES) + @list='$(plugin_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +adfs-lite.la: $(adfs_lite_la_OBJECTS) $(adfs_lite_la_DEPENDENCIES) $(EXTRA_adfs_lite_la_DEPENDENCIES) $(adfs_lite_la_LINK) -rpath $(plugindir) $(adfs_lite_la_OBJECTS) $(adfs_lite_la_LIBADD) $(LIBS) -adfs.la: $(adfs_la_OBJECTS) $(adfs_la_DEPENDENCIES) +adfs.la: $(adfs_la_OBJECTS) $(adfs_la_DEPENDENCIES) $(EXTRA_adfs_la_DEPENDENCIES) $(adfs_la_LINK) -rpath $(plugindir) $(adfs_la_OBJECTS) $(adfs_la_LIBADD) $(LIBS) mostlyclean-compile: @@ -464,6 +502,20 @@ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -514,10 +566,15 @@ installcheck: installcheck-am install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi mostlyclean-generic: clean-generic: @@ -553,14 +610,14 @@ info-am: install-data-am: install-pluginLTLIBRARIES - + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-dvi: install-dvi-am install-dvi-am: install-exec-am: - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook + install-html: install-html-am install-html-am: @@ -601,25 +658,25 @@ uninstall-am: uninstall-pluginLTLIBRARIES -.MAKE: install-am install-exec-am install-strip +.MAKE: install-am install-data-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-exec-hook \ - install-html install-html-am install-info install-info-am \ - install-man install-pdf install-pdf-am \ - install-pluginLTLIBRARIES install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags uninstall uninstall-am \ - uninstall-pluginLTLIBRARIES + clean-libtool clean-pluginLTLIBRARIES cscopelist ctags \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-hook install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pluginLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-pluginLTLIBRARIES -install-exec-hook: +install-data-hook: for la in $(plugin_LTLIBRARIES) ; do rm -f $(DESTDIR)$(plugindir)/$$la ; done # Tell versions [3.59,3.63) of GNU make to not export all variables. diff -Nru shibboleth-sp2-2.4.3+dfsg/adfs/adfs-lite.vcxproj shibboleth-sp2-2.5.2+dfsg/adfs/adfs-lite.vcxproj --- shibboleth-sp2-2.4.3+dfsg/adfs/adfs-lite.vcxproj 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/adfs/adfs-lite.vcxproj 2013-05-23 16:57:05.000000000 +0000 @@ -1,4 +1,4 @@ - + @@ -58,15 +58,16 @@ + + + <_ProjectFileVersion>10.0.30319.1 - $(SolutionDir)$(Configuration)\ $(ProjectName)-$(Configuration)\ true $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(ProjectName)-$(Configuration)\ true - $(SolutionDir)$(Configuration)\ $(ProjectName)-$(Configuration)\ false $(SolutionDir)$(Platform)\$(Configuration)\ @@ -208,4 +209,4 @@ - \ No newline at end of file + diff -Nru shibboleth-sp2-2.4.3+dfsg/adfs/adfs.cpp shibboleth-sp2-2.5.2+dfsg/adfs/adfs.cpp --- shibboleth-sp2-2.4.3+dfsg/adfs/adfs.cpp 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/adfs/adfs.cpp 2012-07-23 20:08:29.000000000 +0000 @@ -45,6 +45,7 @@ #include #include #include +#include #include #include #include @@ -79,6 +80,7 @@ using namespace xmltooling::logging; using namespace xmltooling; using namespace xercesc; +using namespace boost; using namespace std; #define WSFED_NS "http://schemas.xmlsoap.org/ws/2003/07/secext" @@ -152,6 +154,12 @@ return m_binding.get(); } +#ifndef SHIBSP_LITE + void generateMetadata(saml2md::SPSSODescriptor& role, const char* handlerURL) const { + doGenerateMetadata(role, handlerURL); + } +#endif + private: pair doRequest( const Application& application, @@ -335,13 +343,13 @@ { // We have to know the IdP to function. if (entityID.empty() || !checkCompatibility(request, isHandler)) - return make_pair(false,0L); + return make_pair(false, 0L); string target; pair prop; pair acClass; - const Handler* ACS=nullptr; - const Application& app=request.getApplication(); + const Handler* ACS = nullptr; + const Application& app = request.getApplication(); if (isHandler) { prop.second = request.getParameter("acsIndex"); @@ -358,6 +366,7 @@ // Since we're passing the ACS by value, we need to compute the return URL, // so we'll need the target resource for real. recoverRelayState(app, request, request, target, false); + app.limitRedirect(request, target.c_str()); acClass = getString("authnContextClassRef", request); } @@ -389,7 +398,7 @@ // Since we're not passing by index, we need to fully compute the return URL. // Compute the ACS URL. We add the ACS location to the base handlerURL. - string ACSloc=request.getHandlerURL(target.c_str()); + string ACSloc = request.getHandlerURL(target.c_str()); prop = ACS->getString("Location"); if (prop.first) ACSloc += prop.second; @@ -441,8 +450,8 @@ void ADFSSessionInitiator::receive(DDF& in, ostream& out) { // Find application. - const char* aid=in["application_id"].string(); - const Application* app=aid ? SPConfig::getConfig().getServiceProvider()->getApplication(aid) : nullptr; + const char* aid = in["application_id"].string(); + const Application* app = aid ? SPConfig::getConfig().getServiceProvider()->getApplication(aid) : nullptr; if (!app) { // Something's horribly wrong. m_log.error("couldn't find application (%s) to generate ADFS request", aid ? aid : "(missing)"); @@ -458,14 +467,14 @@ DDFJanitor jout(ret); // Wrap the outgoing object with a Response facade. - auto_ptr http(getResponse(ret)); + scoped_ptr http(getResponse(ret)); string relayState(in["RelayState"].string() ? in["RelayState"].string() : ""); // Since we're remoted, the result should either be a throw, which we pass on, // a false/0 return, which we just return as an empty structure, or a response/redirect, // which we capture in the facade and send back. - doRequest(*app, nullptr, *http.get(), entityID, acsLocation, in["authnContextClassRef"].string(), relayState); + doRequest(*app, nullptr, *http, entityID, acsLocation, in["authnContextClassRef"].string(), relayState); if (!ret.isstruct()) ret.structure(); ret.addmember("RelayState").unsafe_string(relayState.c_str()); @@ -484,10 +493,10 @@ { #ifndef SHIBSP_LITE // Use metadata to invoke the SSO service directly. - MetadataProvider* m=app.getMetadataProvider(); + MetadataProvider* m = app.getMetadataProvider(); Locker locker(m); MetadataProviderCriteria mc(app, entityID, &IDPSSODescriptor::ELEMENT_QNAME, m_binding.get()); - pair entity=m->getEntityDescriptor(mc); + pair entity = m->getEntityDescriptor(mc); if (!entity.first) { m_log.warn("unable to locate metadata for provider (%s)", entityID); throw MetadataException("Unable to locate metadata for identity provider ($entityID)", namedparams(1, "entityID", entityID)); @@ -495,7 +504,7 @@ else if (!entity.second) { m_log.log(getParent() ? Priority::INFO : Priority::WARN, "unable to locate ADFS-aware identity provider role for provider (%s)", entityID); if (getParent()) - return make_pair(false,0L); + return make_pair(false, 0L); throw MetadataException("Unable to locate ADFS-aware identity provider role for provider ($entityID)", namedparams(1, "entityID", entityID)); } const EndpointType* ep = EndpointManager( @@ -504,12 +513,20 @@ if (!ep) { m_log.warn("unable to locate compatible SSO service for provider (%s)", entityID); if (getParent()) - return make_pair(false,0L); + return make_pair(false, 0L); throw MetadataException("Unable to locate compatible SSO service for provider ($entityID)", namedparams(1, "entityID", entityID)); } preserveRelayState(app, httpResponse, relayState); + scoped_ptr ar_event(newAuthnRequestEvent(app, httpRequest)); + if (ar_event.get()) { + ar_event->m_binding = WSFED_NS; + ar_event->m_protocol = WSFED_NS; + ar_event->m_peer = entity.first; + app.getServiceProvider().getTransactionLog()->write(*ar_event); + } + // UTC timestamp time_t epoch=time(nullptr); #ifndef HAVE_GMTIME_R @@ -538,7 +555,7 @@ return make_pair(true, httpResponse.sendRedirect(req.c_str())); #else - return make_pair(false,0L); + return make_pair(false, 0L); #endif } @@ -639,8 +656,10 @@ if (!policy.isAuthenticated()) throw SecurityPolicyException("Unable to establish security of incoming assertion."); - saml1::NameIdentifier* saml1name=nullptr; - saml2::NameID* saml2name=nullptr; + const saml1::NameIdentifier* saml1name=nullptr; + const saml1::AuthenticationStatement* saml1statement=nullptr; + const saml2::NameID* saml2name=nullptr; + const saml2::AuthnStatement* saml2statement=nullptr; const XMLCh* authMethod=nullptr; const XMLCh* authInstant=nullptr; time_t now = time(nullptr), sessionExp = 0; @@ -657,13 +676,13 @@ // authnskew allows rejection of SSO if AuthnInstant is too old. pair authnskew = sessionProps ? sessionProps->getUnsignedInt("maxTimeSinceAuthn") : pair(false,0); - const saml1::AuthenticationStatement* ssoStatement=saml1token->getAuthenticationStatements().front(); - if (ssoStatement->getAuthenticationInstant()) { - if (ssoStatement->getAuthenticationInstantEpoch() - XMLToolingConfig::getConfig().clock_skew_secs > now) { + saml1statement = saml1token->getAuthenticationStatements().front(); + if (saml1statement->getAuthenticationInstant()) { + if (saml1statement->getAuthenticationInstantEpoch() - XMLToolingConfig::getConfig().clock_skew_secs > now) { throw FatalProfileException("The login time at your identity provider was future-dated."); } - else if (authnskew.first && authnskew.second && ssoStatement->getAuthenticationInstantEpoch() <= now && - (now - ssoStatement->getAuthenticationInstantEpoch() > authnskew.second)) { + else if (authnskew.first && authnskew.second && saml1statement->getAuthenticationInstantEpoch() <= now && + (now - saml1statement->getAuthenticationInstantEpoch() > authnskew.second)) { throw FatalProfileException("The gap between now and the time you logged into your identity provider exceeds the allowed limit."); } } @@ -672,16 +691,16 @@ } // Address checking. - saml1::SubjectLocality* locality = ssoStatement->getSubjectLocality(); + saml1::SubjectLocality* locality = saml1statement->getSubjectLocality(); if (locality && locality->getIPAddress()) { auto_ptr_char ip(locality->getIPAddress()); checkAddress(application, httpRequest, ip.get()); } - saml1name = ssoStatement->getSubject()->getNameIdentifier(); - authMethod = ssoStatement->getAuthenticationMethod(); - if (ssoStatement->getAuthenticationInstant()) - authInstant = ssoStatement->getAuthenticationInstant()->getRawData(); + saml1name = saml1statement->getSubject()->getNameIdentifier(); + authMethod = saml1statement->getAuthenticationMethod(); + if (saml1statement->getAuthenticationInstant()) + authInstant = saml1statement->getAuthenticationInstant()->getRawData(); // Session expiration. pair lifetime = sessionProps ? sessionProps->getUnsignedInt("lifetime") : pair(true,28800); @@ -703,26 +722,26 @@ // authnskew allows rejection of SSO if AuthnInstant is too old. pair authnskew = sessionProps ? sessionProps->getUnsignedInt("maxTimeSinceAuthn") : pair(false,0); - const saml2::AuthnStatement* ssoStatement=saml2token->getAuthnStatements().front(); + saml2statement = saml2token->getAuthnStatements().front(); if (authnskew.first && authnskew.second && - ssoStatement->getAuthnInstant() && (now - ssoStatement->getAuthnInstantEpoch() > authnskew.second)) + saml2statement->getAuthnInstant() && (now - saml2statement->getAuthnInstantEpoch() > authnskew.second)) throw FatalProfileException("The gap between now and the time you logged into your identity provider exceeds the limit."); // Address checking. - saml2::SubjectLocality* locality = ssoStatement->getSubjectLocality(); + saml2::SubjectLocality* locality = saml2statement->getSubjectLocality(); if (locality && locality->getAddress()) { auto_ptr_char ip(locality->getAddress()); checkAddress(application, httpRequest, ip.get()); } saml2name = saml2token->getSubject() ? saml2token->getSubject()->getNameID() : nullptr; - if (ssoStatement->getAuthnContext() && ssoStatement->getAuthnContext()->getAuthnContextClassRef()) - authMethod = ssoStatement->getAuthnContext()->getAuthnContextClassRef()->getReference(); - if (ssoStatement->getAuthnInstant()) - authInstant = ssoStatement->getAuthnInstant()->getRawData(); + if (saml2statement->getAuthnContext() && saml2statement->getAuthnContext()->getAuthnContextClassRef()) + authMethod = saml2statement->getAuthnContext()->getAuthnContextClassRef()->getReference(); + if (saml2statement->getAuthnInstant()) + authInstant = saml2statement->getAuthnInstant()->getRawData(); // Session expiration for SAML 2.0 is jointly IdP- and SP-driven. - sessionExp = ssoStatement->getSessionNotOnOrAfter() ? ssoStatement->getSessionNotOnOrAfterEpoch() : 0; + sessionExp = saml2statement->getSessionNotOnOrAfter() ? saml2statement->getSessionNotOnOrAfterEpoch() : 0; pair lifetime = sessionProps ? sessionProps->getUnsignedInt("lifetime") : pair(true,28800); if (!lifetime.first || lifetime.second == 0) lifetime.second = 28800; @@ -738,7 +757,7 @@ // To complete processing, we need to extract and resolve attributes and then create the session. // Normalize a SAML 1.x NameIdentifier... - auto_ptr nameid(saml1name ? saml2::NameIDBuilder::buildNameID() : nullptr); + scoped_ptr nameid(saml1name ? saml2::NameIDBuilder::buildNameID() : nullptr); if (saml1name) { nameid->setName(saml1name->getName()); nameid->setFormat(saml1name->getFormat()); @@ -747,13 +766,17 @@ // The context will handle deleting attributes and new tokens. vector tokens(1,token); - auto_ptr ctx( + scoped_ptr ctx( resolveAttributes( application, + &httpRequest, policy.getIssuerMetadata(), m_protocol.get(), + nullptr, saml1name, + saml1statement, (saml1name ? nameid.get() : saml2name), + saml2statement, authMethod, nullptr, &tokens @@ -765,7 +788,9 @@ tokens.insert(tokens.end(), ctx->getResolvedAssertions().begin(), ctx->getResolvedAssertions().end()); } + string session_id; application.getServiceProvider().getSessionCache()->insert( + session_id, application, httpRequest, httpResponse, @@ -778,8 +803,22 @@ authMethod, nullptr, &tokens, - ctx.get() ? &ctx->getResolvedAttributes() : nullptr + ctx ? &ctx->getResolvedAttributes() : nullptr ); + + scoped_ptr login_event(newLoginEvent(application, httpRequest)); + if (login_event) { + login_event->m_sessionID = session_id.c_str(); + login_event->m_peer = entity; + login_event->m_protocol = WSFED_NS; + login_event->m_binding = WSFED_NS; + login_event->m_saml1AuthnStatement = saml1statement; + login_event->m_nameID = (saml1name ? nameid.get() : saml2name); + login_event->m_saml2AuthnStatement = saml2statement; + if (ctx) + login_event->m_attributes = &ctx->getResolvedAttributes(); + application.getServiceProvider().getTransactionLog()->write(*login_event); + } } #endif @@ -796,22 +835,19 @@ try { session = request.getSession(false, true, false); // don't cache it and ignore all checks if (!session) - return make_pair(false,0L); + return make_pair(false, 0L); // We only handle ADFS sessions. if (!XMLString::equals(session->getProtocol(), WSFED_NS) || !session->getEntityID()) { session->unlock(); - return make_pair(false,0L); + return make_pair(false, 0L); } } - catch (exception& ex) { + catch (std::exception& ex) { m_log.error("error accessing current session: %s", ex.what()); return make_pair(false,0L); } - string entityID(session->getEntityID()); - session->unlock(); - if (SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess)) { // When out of process, we run natively. return doRequest(request.getApplication(), request, request, session); @@ -820,7 +856,8 @@ // When not out of process, we remote the request. session->unlock(); vector headers(1,"Cookie"); - DDF out,in = wrap(request,&headers); + headers.push_back("User-Agent"); + DDF out,in = wrap(request, &headers); DDFJanitor jin(in), jout(out); out=request.getServiceProvider().getListenerService()->send(in); return unwrap(request, out); @@ -835,8 +872,8 @@ return LogoutHandler::receive(in, out); // Find application. - const char* aid=in["application_id"].string(); - const Application* app=aid ? SPConfig::getConfig().getServiceProvider()->getApplication(aid) : nullptr; + const char* aid = in["application_id"].string(); + const Application* app = aid ? SPConfig::getConfig().getServiceProvider()->getApplication(aid) : nullptr; if (!app) { // Something's horribly wrong. m_log.error("couldn't find application (%s) for logout", aid ? aid : "(missing)"); @@ -844,18 +881,18 @@ } // Unpack the request. - auto_ptr req(getRequest(in)); + scoped_ptr req(getRequest(in)); // Set up a response shim. DDF ret(nullptr); DDFJanitor jout(ret); - auto_ptr resp(getResponse(ret)); + scoped_ptr resp(getResponse(ret)); Session* session = nullptr; try { - session = app->getServiceProvider().getSessionCache()->find(*app, *req.get(), nullptr, nullptr); + session = app->getServiceProvider().getSessionCache()->find(*app, *req, nullptr, nullptr); } - catch (exception& ex) { + catch (std::exception& ex) { m_log.error("error accessing current session: %s", ex.what()); } @@ -865,12 +902,12 @@ // Since we're remoted, the result should either be a throw, which we pass on, // a false/0 return, which we just return as an empty structure, or a response/redirect, // which we capture in the facade and send back. - doRequest(*app, *req.get(), *resp.get(), session); + doRequest(*app, *req, *resp, session); } else { - m_log.error("no issuing entityID found in session"); - session->unlock(); - app->getServiceProvider().getSessionCache()->remove(*app, *req.get(), resp.get()); + m_log.error("no issuing entityID found in session"); + session->unlock(); + app->getServiceProvider().getSessionCache()->remove(*app, *req, resp.get()); } } out << ret; @@ -883,20 +920,30 @@ const Application& application, const HTTPRequest& httpRequest, HTTPResponse& httpResponse, Session* session ) const { + Locker sessionLocker(session, false); + // Do back channel notification. vector sessions(1, session->getID()); if (!notifyBackChannel(application, httpRequest.getRequestURL(), sessions, false)) { - session->unlock(); +#ifndef SHIBSP_LITE + scoped_ptr logout_event(newLogoutEvent(application, &httpRequest, session)); + if (logout_event) { + logout_event->m_logoutType = LogoutEvent::LOGOUT_EVENT_PARTIAL; + application.getServiceProvider().getTransactionLog()->write(*logout_event); + } +#endif + sessionLocker.assign(); + session = nullptr; application.getServiceProvider().getSessionCache()->remove(application, httpRequest, &httpResponse); return sendLogoutPage(application, httpRequest, httpResponse, "partial"); } #ifndef SHIBSP_LITE - pair ret = make_pair(false,0L); + pair ret = make_pair(false, 0L); try { // With a session in hand, we can create a request message, if we can find a compatible endpoint. - MetadataProvider* m=application.getMetadataProvider(); + MetadataProvider* m = application.getMetadataProvider(); Locker metadataLocker(m); MetadataProviderCriteria mc(application, session->getEntityID(), &IDPSSODescriptor::ELEMENT_QNAME, m_binding.get()); pair entity=m->getEntityDescriptor(mc); @@ -921,23 +968,45 @@ ); } - const URLEncoder* urlenc = XMLToolingConfig::getConfig().getURLEncoder(); const char* returnloc = httpRequest.getParameter("return"); + if (returnloc) + application.limitRedirect(httpRequest, returnloc); + + // Log the request. + scoped_ptr logout_event(newLogoutEvent(application, &httpRequest, session)); + if (logout_event) { + logout_event->m_logoutType = LogoutEvent::LOGOUT_EVENT_UNKNOWN; + application.getServiceProvider().getTransactionLog()->write(*logout_event); + } + auto_ptr_char dest(ep->getLocation()); string req=string(dest.get()) + (strchr(dest.get(),'?') ? '&' : '?') + "wa=wsignout1.0"; - if (returnloc) - req += "&wreply=" + urlenc->encode(returnloc); + if (returnloc) { + req += "&wreply="; + if (*returnloc == '/') { + string s(returnloc); + httpRequest.absolutize(s); + req += XMLToolingConfig::getConfig().getURLEncoder()->encode(s.c_str()); + } + else { + req += XMLToolingConfig::getConfig().getURLEncoder()->encode(returnloc); + } + } ret.second = httpResponse.sendRedirect(req.c_str()); ret.first = true; + + if (session) { + sessionLocker.assign(); + session = nullptr; + application.getServiceProvider().getSessionCache()->remove(application, httpRequest, &httpResponse); + } } - catch (exception& ex) { - m_log.error("error issuing ADFS logout request: %s", ex.what()); + catch (MetadataException& mex) { + // Less noise for IdPs that don't support logout + m_log.info("unable to issue ADFS logout request: %s", mex.what()); } - - if (session) { - session->unlock(); - session = nullptr; - application.getServiceProvider().getSessionCache()->remove(application, httpRequest, &httpResponse); + catch (std::exception& ex) { + m_log.error("error issuing ADFS logout request: %s", ex.what()); } return ret; @@ -989,12 +1058,21 @@ try { app.getServiceProvider().getSessionCache()->remove(app, request, &request); } - catch (exception& ex) { + catch (std::exception& ex) { m_log.error("error removing session (%s): %s", session_id.c_str(), ex.what()); } } - if (param) - return make_pair(true, request.sendRedirect(param)); + if (param) { + if (*param == '/') { + string p(param); + request.absolutize(p); + return make_pair(true, request.sendRedirect(p.c_str())); + } + else { + app.limitRedirect(request, param); + return make_pair(true, request.sendRedirect(param)); + } + } return sendLogoutPage(app, request, request, "global"); } diff -Nru shibboleth-sp2-2.4.3+dfsg/adfs/adfs.rc shibboleth-sp2-2.5.2+dfsg/adfs/adfs.rc --- shibboleth-sp2-2.4.3+dfsg/adfs/adfs.rc 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/adfs/adfs.rc 2013-05-19 23:35:08.000000000 +0000 @@ -1,117 +1,117 @@ -//Microsoft Developer Studio generated resource script. -// -#include "resource.h" - -#define APSTUDIO_READONLY_SYMBOLS -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 2 resource. -// -#include "afxres.h" - -///////////////////////////////////////////////////////////////////////////// -#undef APSTUDIO_READONLY_SYMBOLS - -///////////////////////////////////////////////////////////////////////////// -// English (U.S.) resources - -#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) -#ifdef _WIN32 -LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US -#pragma code_page(1252) -#endif //_WIN32 - -#ifdef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// TEXTINCLUDE -// - -1 TEXTINCLUDE DISCARDABLE -BEGIN - "resource.h\0" -END - -2 TEXTINCLUDE DISCARDABLE -BEGIN - "#include ""afxres.h""\r\n" - "\0" -END - -3 TEXTINCLUDE DISCARDABLE -BEGIN - "\r\n" - "\0" -END - -#endif // APSTUDIO_INVOKED - - -#ifndef _MAC -///////////////////////////////////////////////////////////////////////////// -// -// Version -// - -VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,4,3,0 - PRODUCTVERSION 2,4,3,0 - FILEFLAGSMASK 0x3fL -#ifdef _DEBUG - FILEFLAGS 0x1L -#else - FILEFLAGS 0x0L -#endif - FILEOS 0x40004L - FILETYPE 0x2L - FILESUBTYPE 0x0L -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904b0" - BEGIN - VALUE "Comments", "\0" - VALUE "CompanyName", "UCAID\0" - VALUE "FileDescription", "Shibboleth ADFSv1 Plugin\0" - VALUE "FileVersion", "2, 4, 3, 0\0" -#ifdef SHIBSP_LITE - VALUE "InternalName", "adfs-lite\0" -#else - VALUE "InternalName", "adfs\0" -#endif - VALUE "LegalCopyright", "Copyright © 2011 UCAID\0" - VALUE "LegalTrademarks", "\0" -#ifdef SHIBSP_LITE - VALUE "OriginalFilename", "adfs-lite.so\0" -#else - VALUE "OriginalFilename", "adfs.so\0" -#endif - VALUE "PrivateBuild", "\0" - VALUE "ProductName", "Shibboleth 2.4.3\0" - VALUE "ProductVersion", "2, 4, 3, 0\0" - VALUE "SpecialBuild", "\0" - END - END - BLOCK "VarFileInfo" - BEGIN - VALUE "Translation", 0x409, 1200 - END -END - -#endif // !_MAC - -#endif // English (U.S.) resources -///////////////////////////////////////////////////////////////////////////// - - - -#ifndef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 3 resource. -// - - -///////////////////////////////////////////////////////////////////////////// -#endif // not APSTUDIO_INVOKED - +//Microsoft Developer Studio generated resource script. +// +#include "resource.h" + +#define APSTUDIO_READONLY_SYMBOLS +///////////////////////////////////////////////////////////////////////////// +// +// Generated from the TEXTINCLUDE 2 resource. +// +#include "afxres.h" + +///////////////////////////////////////////////////////////////////////////// +#undef APSTUDIO_READONLY_SYMBOLS + +///////////////////////////////////////////////////////////////////////////// +// English (U.S.) resources + +#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) +#ifdef _WIN32 +LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US +#pragma code_page(1252) +#endif //_WIN32 + +#ifdef APSTUDIO_INVOKED +///////////////////////////////////////////////////////////////////////////// +// +// TEXTINCLUDE +// + +1 TEXTINCLUDE DISCARDABLE +BEGIN + "resource.h\0" +END + +2 TEXTINCLUDE DISCARDABLE +BEGIN + "#include ""afxres.h""\r\n" + "\0" +END + +3 TEXTINCLUDE DISCARDABLE +BEGIN + "\r\n" + "\0" +END + +#endif // APSTUDIO_INVOKED + + +#ifndef _MAC +///////////////////////////////////////////////////////////////////////////// +// +// Version +// + +VS_VERSION_INFO VERSIONINFO + FILEVERSION 2,5,2,0 + PRODUCTVERSION 2,5,2,0 + FILEFLAGSMASK 0x3fL +#ifdef _DEBUG + FILEFLAGS 0x1L +#else + FILEFLAGS 0x0L +#endif + FILEOS 0x40004L + FILETYPE 0x2L + FILESUBTYPE 0x0L +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904b0" + BEGIN + VALUE "Comments", "\0" + VALUE "CompanyName", "Shibboleth Consortium\0" + VALUE "FileDescription", "Shibboleth ADFSv1 Plugin\0" + VALUE "FileVersion", "2, 5, 2, 0\0" +#ifdef SHIBSP_LITE + VALUE "InternalName", "adfs-lite\0" +#else + VALUE "InternalName", "adfs\0" +#endif + VALUE "LegalCopyright", "Copyright © 2013 UCAID\0" + VALUE "LegalTrademarks", "\0" +#ifdef SHIBSP_LITE + VALUE "OriginalFilename", "adfs-lite.so\0" +#else + VALUE "OriginalFilename", "adfs.so\0" +#endif + VALUE "PrivateBuild", "\0" + VALUE "ProductName", "Shibboleth 2.5.2\0" + VALUE "ProductVersion", "2, 5, 2, 0\0" + VALUE "SpecialBuild", "\0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 1200 + END +END + +#endif // !_MAC + +#endif // English (U.S.) resources +///////////////////////////////////////////////////////////////////////////// + + + +#ifndef APSTUDIO_INVOKED +///////////////////////////////////////////////////////////////////////////// +// +// Generated from the TEXTINCLUDE 3 resource. +// + + +///////////////////////////////////////////////////////////////////////////// +#endif // not APSTUDIO_INVOKED + diff -Nru shibboleth-sp2-2.4.3+dfsg/adfs/adfs.vcxproj shibboleth-sp2-2.5.2+dfsg/adfs/adfs.vcxproj --- shibboleth-sp2-2.4.3+dfsg/adfs/adfs.vcxproj 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/adfs/adfs.vcxproj 2013-05-23 16:57:05.000000000 +0000 @@ -1,4 +1,4 @@ - + @@ -58,16 +58,15 @@ + + + <_ProjectFileVersion>10.0.30319.1 - $(SolutionDir)$(Configuration)\ - $(Configuration)\ true $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\ true - $(SolutionDir)$(Configuration)\ - $(Configuration)\ false $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\ @@ -94,12 +93,12 @@ Disabled .;..;..\..\cpp-opensaml;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) _CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions) - MultiThreadedDebugDLL true Level3 EditAndContinue + MultiThreadedDebugDLL _DEBUG;%(PreprocessorDefinitions) @@ -202,4 +201,4 @@ - \ No newline at end of file + diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/Makefile.am shibboleth-sp2-2.5.2+dfsg/apache/Makefile.am --- shibboleth-sp2-2.4.3+dfsg/apache/Makefile.am 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/Makefile.am 2012-07-23 20:08:22.000000000 +0000 @@ -1,47 +1,52 @@ AUTOMAKE_OPTIONS = foreign if BUILD_AP13 -modshib13dir = $(libdir)/@PACKAGE@ +modshib13dir = $(libdir)/@PACKAGE_NAME@ modshib13_LTLIBRARIES = mod_shib_13.la mod_shib_13_la_SOURCES = mod_shib_13.cpp mod_shib_13_la_CXXFLAGS = $(APXS_CFLAGS) -I$(APXS_INCLUDE) mod_shib_13_la_LDFLAGS = -module -avoid-version mod_shib_13_la_LIBADD = $(LITE_LIBS) \ $(top_builddir)/shibsp/libshibsp-lite.la - -install-exec-hook: - for la in $(modshib13_LTLIBRARIES) ; do rm -f $(DESTDIR)$(modshib13dir)/$$la ; done - endif if BUILD_AP20 -modshib20dir = $(libdir)/@PACKAGE@ +modshib20dir = $(libdir)/@PACKAGE_NAME@ modshib20_LTLIBRARIES = mod_shib_20.la mod_shib_20_la_SOURCES = mod_shib_20.cpp mod_shib_20_la_CXXFLAGS = $(APXS2_CFLAGS) -I$(APXS2_INCLUDE) mod_shib_20_la_LDFLAGS = -module -avoid-version mod_shib_20_la_LIBADD = $(LITE_LIBS) \ $(top_builddir)/shibsp/libshibsp-lite.la - -install-exec-hook: - for la in $(modshib20_LTLIBRARIES) ; do rm -f $(DESTDIR)$(modshib20dir)/$$la ; done - endif if BUILD_AP22 -modshib22dir = $(libdir)/@PACKAGE@ +modshib22dir = $(libdir)/@PACKAGE_NAME@ modshib22_LTLIBRARIES = mod_shib_22.la mod_shib_22_la_SOURCES = mod_shib_22.cpp mod_shib_22_la_CXXFLAGS = $(APXS22_CFLAGS) -I$(APXS22_INCLUDE) mod_shib_22_la_LDFLAGS = -module -avoid-version mod_shib_22_la_LIBADD = $(LITE_LIBS) \ $(top_builddir)/shibsp/libshibsp-lite.la +endif -install-exec-hook: - for la in $(modshib22_LTLIBRARIES) ; do rm -f $(DESTDIR)$(modshib22dir)/$$la ; done - +if BUILD_AP24 +modshib24dir = $(libdir)/@PACKAGE_NAME@ +modshib24_LTLIBRARIES = mod_shib_24.la +mod_shib_24_la_SOURCES = mod_shib_24.cpp +mod_shib_24_la_CXXFLAGS = $(APXS24_CFLAGS) -I$(APXS24_INCLUDE) +mod_shib_24_la_LDFLAGS = -module -avoid-version +mod_shib_24_la_LIBADD = $(LITE_LIBS) \ + $(top_builddir)/shibsp/libshibsp-lite.la endif -EXTRA_DIST = mod_apache.cpp mod_shib_13.cpp mod_shib_20.cpp mod_shib_22.cpp \ - mod_shib13.vcxproj mod_shib20.vcxproj mod_shib22.vcxproj \ - resource.h mod_shib_13.rc mod_shib_20.rc mod_shib_22.rc +install-data-hook: + for la in $(modshib13_LTLIBRARIES) ; do rm -f $(DESTDIR)$(modshib13dir)/$$la ; done + for la in $(modshib20_LTLIBRARIES) ; do rm -f $(DESTDIR)$(modshib20dir)/$$la ; done + for la in $(modshib22_LTLIBRARIES) ; do rm -f $(DESTDIR)$(modshib22dir)/$$la ; done + for la in $(modshib24_LTLIBRARIES) ; do rm -f $(DESTDIR)$(modshib24dir)/$$la ; done + +EXTRA_DIST = mod_shib.cpp \ + mod_shib_13.cpp mod_shib_20.cpp mod_shib_22.cpp mod_shib_24.cpp \ + mod_shib13.vcxproj mod_shib20.vcxproj mod_shib22.vcxproj mod_shib24.vcxproj \ + resource.h mod_shib_13.rc mod_shib_20.rc mod_shib_22.rc mod_shib_24.rc diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/Makefile.in shibboleth-sp2-2.5.2+dfsg/apache/Makefile.in --- shibboleth-sp2-2.4.3+dfsg/apache/Makefile.in 2011-06-28 01:29:27.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/Makefile.in 2013-06-16 22:06:20.000000000 +0000 @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. +# Makefile.in generated by automake 1.12.6 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,6 +15,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -35,13 +51,15 @@ build_triplet = @build@ host_triplet = @host@ subdir = apache -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ - $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/doxygen.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/boost.m4 \ + $(top_srcdir)/m4/doxygen.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -70,10 +88,17 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } am__installdirs = "$(DESTDIR)$(modshib13dir)" \ - "$(DESTDIR)$(modshib20dir)" "$(DESTDIR)$(modshib22dir)" + "$(DESTDIR)$(modshib20dir)" "$(DESTDIR)$(modshib22dir)" \ + "$(DESTDIR)$(modshib24dir)" LTLIBRARIES = $(modshib13_LTLIBRARIES) $(modshib20_LTLIBRARIES) \ - $(modshib22_LTLIBRARIES) + $(modshib22_LTLIBRARIES) $(modshib24_LTLIBRARIES) am__DEPENDENCIES_1 = @BUILD_AP13_TRUE@mod_shib_13_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ @BUILD_AP13_TRUE@ $(top_builddir)/shibsp/libshibsp-lite.la @@ -108,6 +133,17 @@ $(mod_shib_22_la_CXXFLAGS) $(CXXFLAGS) \ $(mod_shib_22_la_LDFLAGS) $(LDFLAGS) -o $@ @BUILD_AP22_TRUE@am_mod_shib_22_la_rpath = -rpath $(modshib22dir) +@BUILD_AP24_TRUE@mod_shib_24_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ +@BUILD_AP24_TRUE@ $(top_builddir)/shibsp/libshibsp-lite.la +am__mod_shib_24_la_SOURCES_DIST = mod_shib_24.cpp +@BUILD_AP24_TRUE@am_mod_shib_24_la_OBJECTS = \ +@BUILD_AP24_TRUE@ mod_shib_24_la-mod_shib_24.lo +mod_shib_24_la_OBJECTS = $(am_mod_shib_24_la_OBJECTS) +mod_shib_24_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXXLD) \ + $(mod_shib_24_la_CXXFLAGS) $(CXXFLAGS) \ + $(mod_shib_24_la_LDFLAGS) $(LDFLAGS) -o $@ +@BUILD_AP24_TRUE@am_mod_shib_24_la_rpath = -rpath $(modshib24dir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -I$(top_builddir)/shibsp depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles @@ -122,10 +158,16 @@ --mode=link $(CXXLD) $(AM_CXXFLAGS) $(CXXFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(mod_shib_13_la_SOURCES) $(mod_shib_20_la_SOURCES) \ - $(mod_shib_22_la_SOURCES) + $(mod_shib_22_la_SOURCES) $(mod_shib_24_la_SOURCES) DIST_SOURCES = $(am__mod_shib_13_la_SOURCES_DIST) \ $(am__mod_shib_20_la_SOURCES_DIST) \ - $(am__mod_shib_22_la_SOURCES_DIST) + $(am__mod_shib_22_la_SOURCES_DIST) \ + $(am__mod_shib_24_la_SOURCES_DIST) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -140,6 +182,9 @@ APXS22 = @APXS22@ APXS22_CFLAGS = @APXS22_CFLAGS@ APXS22_INCLUDE = @APXS22_INCLUDE@ +APXS24 = @APXS24@ +APXS24_CFLAGS = @APXS24_CFLAGS@ +APXS24_INCLUDE = @APXS24_INCLUDE@ APXS2_CFLAGS = @APXS2_CFLAGS@ APXS2_INCLUDE = @APXS2_INCLUDE@ APXS_CFLAGS = @APXS_CFLAGS@ @@ -149,6 +194,8 @@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BOOST_CPPFLAGS = @BOOST_CPPFLAGS@ +BOOST_ROOT = @BOOST_ROOT@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ @@ -161,6 +208,7 @@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DISTCHECK_CONFIGURE_FLAGS = @DISTCHECK_CONFIGURE_FLAGS@ DLLTOOL = @DLLTOOL@ DOXYGEN_PAPER_SIZE = @DOXYGEN_PAPER_SIZE@ DSYMUTIL = @DSYMUTIL@ @@ -308,7 +356,7 @@ top_srcdir = @top_srcdir@ xs = @xs@ AUTOMAKE_OPTIONS = foreign -@BUILD_AP13_TRUE@modshib13dir = $(libdir)/@PACKAGE@ +@BUILD_AP13_TRUE@modshib13dir = $(libdir)/@PACKAGE_NAME@ @BUILD_AP13_TRUE@modshib13_LTLIBRARIES = mod_shib_13.la @BUILD_AP13_TRUE@mod_shib_13_la_SOURCES = mod_shib_13.cpp @BUILD_AP13_TRUE@mod_shib_13_la_CXXFLAGS = $(APXS_CFLAGS) -I$(APXS_INCLUDE) @@ -316,7 +364,7 @@ @BUILD_AP13_TRUE@mod_shib_13_la_LIBADD = $(LITE_LIBS) \ @BUILD_AP13_TRUE@ $(top_builddir)/shibsp/libshibsp-lite.la -@BUILD_AP20_TRUE@modshib20dir = $(libdir)/@PACKAGE@ +@BUILD_AP20_TRUE@modshib20dir = $(libdir)/@PACKAGE_NAME@ @BUILD_AP20_TRUE@modshib20_LTLIBRARIES = mod_shib_20.la @BUILD_AP20_TRUE@mod_shib_20_la_SOURCES = mod_shib_20.cpp @BUILD_AP20_TRUE@mod_shib_20_la_CXXFLAGS = $(APXS2_CFLAGS) -I$(APXS2_INCLUDE) @@ -324,7 +372,7 @@ @BUILD_AP20_TRUE@mod_shib_20_la_LIBADD = $(LITE_LIBS) \ @BUILD_AP20_TRUE@ $(top_builddir)/shibsp/libshibsp-lite.la -@BUILD_AP22_TRUE@modshib22dir = $(libdir)/@PACKAGE@ +@BUILD_AP22_TRUE@modshib22dir = $(libdir)/@PACKAGE_NAME@ @BUILD_AP22_TRUE@modshib22_LTLIBRARIES = mod_shib_22.la @BUILD_AP22_TRUE@mod_shib_22_la_SOURCES = mod_shib_22.cpp @BUILD_AP22_TRUE@mod_shib_22_la_CXXFLAGS = $(APXS22_CFLAGS) -I$(APXS22_INCLUDE) @@ -332,9 +380,18 @@ @BUILD_AP22_TRUE@mod_shib_22_la_LIBADD = $(LITE_LIBS) \ @BUILD_AP22_TRUE@ $(top_builddir)/shibsp/libshibsp-lite.la -EXTRA_DIST = mod_apache.cpp mod_shib_13.cpp mod_shib_20.cpp mod_shib_22.cpp \ - mod_shib13.vcxproj mod_shib20.vcxproj mod_shib22.vcxproj \ - resource.h mod_shib_13.rc mod_shib_20.rc mod_shib_22.rc +@BUILD_AP24_TRUE@modshib24dir = $(libdir)/@PACKAGE_NAME@ +@BUILD_AP24_TRUE@modshib24_LTLIBRARIES = mod_shib_24.la +@BUILD_AP24_TRUE@mod_shib_24_la_SOURCES = mod_shib_24.cpp +@BUILD_AP24_TRUE@mod_shib_24_la_CXXFLAGS = $(APXS24_CFLAGS) -I$(APXS24_INCLUDE) +@BUILD_AP24_TRUE@mod_shib_24_la_LDFLAGS = -module -avoid-version +@BUILD_AP24_TRUE@mod_shib_24_la_LIBADD = $(LITE_LIBS) \ +@BUILD_AP24_TRUE@ $(top_builddir)/shibsp/libshibsp-lite.la + +EXTRA_DIST = mod_shib.cpp \ + mod_shib_13.cpp mod_shib_20.cpp mod_shib_22.cpp mod_shib_24.cpp \ + mod_shib13.vcxproj mod_shib20.vcxproj mod_shib22.vcxproj mod_shib24.vcxproj \ + resource.h mod_shib_13.rc mod_shib_20.rc mod_shib_22.rc mod_shib_24.rc all: all-am @@ -372,7 +429,6 @@ $(am__aclocal_m4_deps): install-modshib13LTLIBRARIES: $(modshib13_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(modshib13dir)" || $(MKDIR_P) "$(DESTDIR)$(modshib13dir)" @list='$(modshib13_LTLIBRARIES)'; test -n "$(modshib13dir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -380,6 +436,8 @@ else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(modshib13dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(modshib13dir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(modshib13dir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(modshib13dir)"; \ } @@ -395,15 +453,16 @@ clean-modshib13LTLIBRARIES: -test -z "$(modshib13_LTLIBRARIES)" || rm -f $(modshib13_LTLIBRARIES) - @list='$(modshib13_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done + @list='$(modshib13_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } install-modshib20LTLIBRARIES: $(modshib20_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(modshib20dir)" || $(MKDIR_P) "$(DESTDIR)$(modshib20dir)" @list='$(modshib20_LTLIBRARIES)'; test -n "$(modshib20dir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -411,6 +470,8 @@ else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(modshib20dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(modshib20dir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(modshib20dir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(modshib20dir)"; \ } @@ -426,15 +487,16 @@ clean-modshib20LTLIBRARIES: -test -z "$(modshib20_LTLIBRARIES)" || rm -f $(modshib20_LTLIBRARIES) - @list='$(modshib20_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done + @list='$(modshib20_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } install-modshib22LTLIBRARIES: $(modshib22_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(modshib22dir)" || $(MKDIR_P) "$(DESTDIR)$(modshib22dir)" @list='$(modshib22_LTLIBRARIES)'; test -n "$(modshib22dir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -442,6 +504,8 @@ else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(modshib22dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(modshib22dir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(modshib22dir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(modshib22dir)"; \ } @@ -457,18 +521,56 @@ clean-modshib22LTLIBRARIES: -test -z "$(modshib22_LTLIBRARIES)" || rm -f $(modshib22_LTLIBRARIES) - @list='$(modshib22_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ + @list='$(modshib22_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +install-modshib24LTLIBRARIES: $(modshib24_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(modshib24_LTLIBRARIES)'; test -n "$(modshib24dir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(modshib24dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(modshib24dir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(modshib24dir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(modshib24dir)"; \ + } + +uninstall-modshib24LTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(modshib24_LTLIBRARIES)'; test -n "$(modshib24dir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(modshib24dir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(modshib24dir)/$$f"; \ done -mod_shib_13.la: $(mod_shib_13_la_OBJECTS) $(mod_shib_13_la_DEPENDENCIES) + +clean-modshib24LTLIBRARIES: + -test -z "$(modshib24_LTLIBRARIES)" || rm -f $(modshib24_LTLIBRARIES) + @list='$(modshib24_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +mod_shib_13.la: $(mod_shib_13_la_OBJECTS) $(mod_shib_13_la_DEPENDENCIES) $(EXTRA_mod_shib_13_la_DEPENDENCIES) $(mod_shib_13_la_LINK) $(am_mod_shib_13_la_rpath) $(mod_shib_13_la_OBJECTS) $(mod_shib_13_la_LIBADD) $(LIBS) -mod_shib_20.la: $(mod_shib_20_la_OBJECTS) $(mod_shib_20_la_DEPENDENCIES) +mod_shib_20.la: $(mod_shib_20_la_OBJECTS) $(mod_shib_20_la_DEPENDENCIES) $(EXTRA_mod_shib_20_la_DEPENDENCIES) $(mod_shib_20_la_LINK) $(am_mod_shib_20_la_rpath) $(mod_shib_20_la_OBJECTS) $(mod_shib_20_la_LIBADD) $(LIBS) -mod_shib_22.la: $(mod_shib_22_la_OBJECTS) $(mod_shib_22_la_DEPENDENCIES) +mod_shib_22.la: $(mod_shib_22_la_OBJECTS) $(mod_shib_22_la_DEPENDENCIES) $(EXTRA_mod_shib_22_la_DEPENDENCIES) $(mod_shib_22_la_LINK) $(am_mod_shib_22_la_rpath) $(mod_shib_22_la_OBJECTS) $(mod_shib_22_la_LIBADD) $(LIBS) +mod_shib_24.la: $(mod_shib_24_la_OBJECTS) $(mod_shib_24_la_DEPENDENCIES) $(EXTRA_mod_shib_24_la_DEPENDENCIES) + $(mod_shib_24_la_LINK) $(am_mod_shib_24_la_rpath) $(mod_shib_24_la_OBJECTS) $(mod_shib_24_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -479,6 +581,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_shib_13_la-mod_shib_13.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_shib_20_la-mod_shib_20.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_shib_22_la-mod_shib_22.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_shib_24_la-mod_shib_24.Plo@am__quote@ .cpp.o: @am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -522,6 +625,13 @@ @AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mod_shib_22_la_CXXFLAGS) $(CXXFLAGS) -c -o mod_shib_22_la-mod_shib_22.lo `test -f 'mod_shib_22.cpp' || echo '$(srcdir)/'`mod_shib_22.cpp +mod_shib_24_la-mod_shib_24.lo: mod_shib_24.cpp +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mod_shib_24_la_CXXFLAGS) $(CXXFLAGS) -MT mod_shib_24_la-mod_shib_24.lo -MD -MP -MF $(DEPDIR)/mod_shib_24_la-mod_shib_24.Tpo -c -o mod_shib_24_la-mod_shib_24.lo `test -f 'mod_shib_24.cpp' || echo '$(srcdir)/'`mod_shib_24.cpp +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/mod_shib_24_la-mod_shib_24.Tpo $(DEPDIR)/mod_shib_24_la-mod_shib_24.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='mod_shib_24.cpp' object='mod_shib_24_la-mod_shib_24.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mod_shib_24_la_CXXFLAGS) $(CXXFLAGS) -c -o mod_shib_24_la-mod_shib_24.lo `test -f 'mod_shib_24.cpp' || echo '$(srcdir)/'`mod_shib_24.cpp + mostlyclean-libtool: -rm -f *.lo @@ -577,6 +687,20 @@ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -614,7 +738,7 @@ check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: - for dir in "$(DESTDIR)$(modshib13dir)" "$(DESTDIR)$(modshib20dir)" "$(DESTDIR)$(modshib22dir)"; do \ + for dir in "$(DESTDIR)$(modshib13dir)" "$(DESTDIR)$(modshib20dir)" "$(DESTDIR)$(modshib22dir)" "$(DESTDIR)$(modshib24dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -627,10 +751,15 @@ installcheck: installcheck-am install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi mostlyclean-generic: clean-generic: @@ -642,12 +771,11 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@BUILD_AP13_FALSE@@BUILD_AP20_FALSE@@BUILD_AP22_FALSE@install-exec-hook: clean: clean-am clean-am: clean-generic clean-libtool clean-modshib13LTLIBRARIES \ clean-modshib20LTLIBRARIES clean-modshib22LTLIBRARIES \ - mostlyclean-am + clean-modshib24LTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -668,15 +796,16 @@ info-am: install-data-am: install-modshib13LTLIBRARIES \ - install-modshib20LTLIBRARIES install-modshib22LTLIBRARIES - + install-modshib20LTLIBRARIES install-modshib22LTLIBRARIES \ + install-modshib24LTLIBRARIES + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-dvi: install-dvi-am install-dvi-am: install-exec-am: - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook + install-html: install-html-am install-html-am: @@ -716,37 +845,37 @@ ps-am: uninstall-am: uninstall-modshib13LTLIBRARIES \ - uninstall-modshib20LTLIBRARIES uninstall-modshib22LTLIBRARIES + uninstall-modshib20LTLIBRARIES uninstall-modshib22LTLIBRARIES \ + uninstall-modshib24LTLIBRARIES -.MAKE: install-am install-exec-am install-strip +.MAKE: install-am install-data-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-modshib13LTLIBRARIES \ - clean-modshib20LTLIBRARIES clean-modshib22LTLIBRARIES ctags \ - distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-exec-hook install-html install-html-am \ - install-info install-info-am install-man \ - install-modshib13LTLIBRARIES install-modshib20LTLIBRARIES \ - install-modshib22LTLIBRARIES install-pdf install-pdf-am \ + clean-modshib20LTLIBRARIES clean-modshib22LTLIBRARIES \ + clean-modshib24LTLIBRARIES cscopelist ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am \ + install-data-hook install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-modshib13LTLIBRARIES \ + install-modshib20LTLIBRARIES install-modshib22LTLIBRARIES \ + install-modshib24LTLIBRARIES install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-modshib13LTLIBRARIES \ - uninstall-modshib20LTLIBRARIES uninstall-modshib22LTLIBRARIES - - -@BUILD_AP13_TRUE@install-exec-hook: -@BUILD_AP13_TRUE@ for la in $(modshib13_LTLIBRARIES) ; do rm -f $(DESTDIR)$(modshib13dir)/$$la ; done + uninstall-modshib20LTLIBRARIES uninstall-modshib22LTLIBRARIES \ + uninstall-modshib24LTLIBRARIES -@BUILD_AP20_TRUE@install-exec-hook: -@BUILD_AP20_TRUE@ for la in $(modshib20_LTLIBRARIES) ; do rm -f $(DESTDIR)$(modshib20dir)/$$la ; done -@BUILD_AP22_TRUE@install-exec-hook: -@BUILD_AP22_TRUE@ for la in $(modshib22_LTLIBRARIES) ; do rm -f $(DESTDIR)$(modshib22dir)/$$la ; done +install-data-hook: + for la in $(modshib13_LTLIBRARIES) ; do rm -f $(DESTDIR)$(modshib13dir)/$$la ; done + for la in $(modshib20_LTLIBRARIES) ; do rm -f $(DESTDIR)$(modshib20dir)/$$la ; done + for la in $(modshib22_LTLIBRARIES) ; do rm -f $(DESTDIR)$(modshib22dir)/$$la ; done + for la in $(modshib24_LTLIBRARIES) ; do rm -f $(DESTDIR)$(modshib24dir)/$$la ; done # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/mod_apache.cpp shibboleth-sp2-2.5.2+dfsg/apache/mod_apache.cpp --- shibboleth-sp2-2.4.3+dfsg/apache/mod_apache.cpp 2011-07-06 17:01:03.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/mod_apache.cpp 1970-01-01 00:00:00.000000000 +0000 @@ -1,1714 +0,0 @@ -/** - * Licensed to the University Corporation for Advanced Internet - * Development, Inc. (UCAID) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for - * additional information regarding copyright ownership. - * - * UCAID licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. You may obtain a copy of the - * License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, - * either express or implied. See the License for the specific - * language governing permissions and limitations under the License. - */ - -/** - * mod_apache.cpp - * - * Apache module implementation. - */ - -#define SHIBSP_LITE - -#ifdef SOLARIS2 -#undef _XOPEN_SOURCE // causes gethostname conflict in unistd.h -#endif - -#ifdef WIN32 -# define _CRT_NONSTDC_NO_DEPRECATE 1 -# define _CRT_SECURE_NO_DEPRECATE 1 -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef WIN32 -# include -#endif - -#undef _XPG4_2 - -// Apache specific header files -#include -#include -#include -#include -#define CORE_PRIVATE -#include -#include -#include - -#ifndef SHIB_APACHE_13 -#include -#include -#include -#endif - -#include -#include -#include -#include -#include - -#include -#ifdef HAVE_UNISTD_H -#include // for getpid() -#endif - -using namespace shibsp; -using namespace xmltooling; -using namespace std; -using xercesc::RegularExpression; -using xercesc::XMLException; - -extern "C" module MODULE_VAR_EXPORT mod_shib; - -namespace { - char* g_szSHIBConfig = nullptr; - char* g_szSchemaDir = nullptr; - char* g_szPrefix = nullptr; - SPConfig* g_Config = nullptr; - string g_unsetHeaderValue,g_spoofKey; - bool g_checkSpoofing = true; - bool g_catchAll = false; -#ifndef SHIB_APACHE_13 - char* g_szGSSContextKey = "mod_auth_gssapi:gss_ctx"; -#endif - static const char* g_UserDataKey = "urn:mace:shibboleth:Apache:shib_check_user"; -} - -/* Apache 2.2.x headers must be accumulated and set in the output filter. - Apache 2.0.49+ supports the filter method. - Apache 1.3.x and lesser 2.0.x must write the headers directly. */ - -#if (defined(SHIB_APACHE_20) || defined(SHIB_APACHE_22)) && AP_MODULE_MAGIC_AT_LEAST(20020903,6) -#define SHIB_DEFERRED_HEADERS -#endif - -/********************************************************************************/ -// Basic Apache Configuration code. -// - -// per-server module configuration structure -struct shib_server_config -{ - char* szScheme; -}; - -// creates the per-server configuration -extern "C" void* create_shib_server_config(SH_AP_POOL* p, server_rec* s) -{ - shib_server_config* sc=(shib_server_config*)ap_pcalloc(p,sizeof(shib_server_config)); - sc->szScheme = nullptr; - return sc; -} - -// overrides server configuration in virtual servers -extern "C" void* merge_shib_server_config (SH_AP_POOL* p, void* base, void* sub) -{ - shib_server_config* sc=(shib_server_config*)ap_pcalloc(p,sizeof(shib_server_config)); - shib_server_config* parent=(shib_server_config*)base; - shib_server_config* child=(shib_server_config*)sub; - - if (child->szScheme) - sc->szScheme=ap_pstrdup(p,child->szScheme); - else if (parent->szScheme) - sc->szScheme=ap_pstrdup(p,parent->szScheme); - else - sc->szScheme=nullptr; - - return sc; -} - -// per-dir module configuration structure -struct shib_dir_config -{ - SH_AP_TABLE* tSettings; // generic table of extensible settings - - // RM Configuration - char* szAuthGrpFile; // Auth GroupFile name - int bRequireAll; // all "known" require directives must match, otherwise OR logic - int bAuthoritative; // allow htaccess plugin to DECLINE when authz fails - - // Content Configuration - char* szApplicationId; // Shib applicationId value - char* szRequireWith; // require a session using a specific initiator? - char* szRedirectToSSL; // redirect non-SSL requests to SSL port - char* szAccessControl; // path to "external" AccessControl plugin file - int bOff; // flat-out disable all Shib processing - int bBasicHijack; // activate for AuthType Basic? - int bRequireSession; // require a session? - int bExportAssertion; // export SAML assertion to the environment? - int bUseEnvVars; // use environment? - int bUseHeaders; // use headers? - int bExpireRedirects; // expire redirects? -}; - -// creates per-directory config structure -extern "C" void* create_shib_dir_config (SH_AP_POOL* p, char* d) -{ - shib_dir_config* dc=(shib_dir_config*)ap_pcalloc(p,sizeof(shib_dir_config)); - dc->tSettings = nullptr; - dc->szAuthGrpFile = nullptr; - dc->bRequireAll = -1; - dc->bAuthoritative = -1; - dc->szApplicationId = nullptr; - dc->szRequireWith = nullptr; - dc->szRedirectToSSL = nullptr; - dc->szAccessControl = nullptr; - dc->bOff = -1; - dc->bBasicHijack = -1; - dc->bRequireSession = -1; - dc->bExportAssertion = -1; - dc->bUseEnvVars = -1; - dc->bUseHeaders = -1; - dc->bExpireRedirects = -1; - return dc; -} - -// overrides server configuration in directories -extern "C" void* merge_shib_dir_config (SH_AP_POOL* p, void* base, void* sub) -{ - shib_dir_config* dc=(shib_dir_config*)ap_pcalloc(p,sizeof(shib_dir_config)); - shib_dir_config* parent=(shib_dir_config*)base; - shib_dir_config* child=(shib_dir_config*)sub; - - // The child supersedes any matching table settings in the parent. - dc->tSettings = nullptr; - if (parent->tSettings) - dc->tSettings = ap_copy_table(p, parent->tSettings); - if (child->tSettings) { - if (dc->tSettings) - ap_overlap_tables(dc->tSettings, child->tSettings, AP_OVERLAP_TABLES_SET); - else - dc->tSettings = ap_copy_table(p, child->tSettings); - } - - if (child->szAuthGrpFile) - dc->szAuthGrpFile=ap_pstrdup(p,child->szAuthGrpFile); - else if (parent->szAuthGrpFile) - dc->szAuthGrpFile=ap_pstrdup(p,parent->szAuthGrpFile); - else - dc->szAuthGrpFile=nullptr; - - if (child->szApplicationId) - dc->szApplicationId=ap_pstrdup(p,child->szApplicationId); - else if (parent->szApplicationId) - dc->szApplicationId=ap_pstrdup(p,parent->szApplicationId); - else - dc->szApplicationId=nullptr; - - if (child->szRequireWith) - dc->szRequireWith=ap_pstrdup(p,child->szRequireWith); - else if (parent->szRequireWith) - dc->szRequireWith=ap_pstrdup(p,parent->szRequireWith); - else - dc->szRequireWith=nullptr; - - if (child->szRedirectToSSL) - dc->szRedirectToSSL=ap_pstrdup(p,child->szRedirectToSSL); - else if (parent->szRedirectToSSL) - dc->szRedirectToSSL=ap_pstrdup(p,parent->szRedirectToSSL); - else - dc->szRedirectToSSL=nullptr; - - if (child->szAccessControl) - dc->szAccessControl=ap_pstrdup(p,child->szAccessControl); - else if (parent->szAccessControl) - dc->szAccessControl=ap_pstrdup(p,parent->szAccessControl); - else - dc->szAccessControl=nullptr; - - dc->bOff=((child->bOff==-1) ? parent->bOff : child->bOff); - dc->bBasicHijack=((child->bBasicHijack==-1) ? parent->bBasicHijack : child->bBasicHijack); - dc->bRequireSession=((child->bRequireSession==-1) ? parent->bRequireSession : child->bRequireSession); - dc->bExportAssertion=((child->bExportAssertion==-1) ? parent->bExportAssertion : child->bExportAssertion); - dc->bRequireAll=((child->bRequireAll==-1) ? parent->bRequireAll : child->bRequireAll); - dc->bAuthoritative=((child->bAuthoritative==-1) ? parent->bAuthoritative : child->bAuthoritative); - dc->bUseEnvVars=((child->bUseEnvVars==-1) ? parent->bUseEnvVars : child->bUseEnvVars); - dc->bUseHeaders=((child->bUseHeaders==-1) ? parent->bUseHeaders : child->bUseHeaders); - dc->bExpireRedirects=((child->bExpireRedirects==-1) ? parent->bExpireRedirects : child->bExpireRedirects); - return dc; -} - -// per-request module structure -struct shib_request_config -{ - SH_AP_TABLE *env; // environment vars -#ifdef SHIB_DEFERRED_HEADERS - SH_AP_TABLE *hdr_out; // headers to browser -#endif -}; - -// create a request record -static shib_request_config *init_request_config(request_rec *r) -{ - shib_request_config* rc=(shib_request_config*)ap_pcalloc(r->pool,sizeof(shib_request_config)); - ap_set_module_config (r->request_config, &mod_shib, rc); - memset(rc, 0, sizeof(shib_request_config)); - ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r), "shib_init_rc"); - return rc; -} - -// generic global slot handlers -extern "C" const char* ap_set_global_string_slot(cmd_parms* parms, void*, const char* arg) -{ - *((char**)(parms->info))=ap_pstrdup(parms->pool,arg); - return nullptr; -} - -extern "C" const char* shib_set_server_string_slot(cmd_parms* parms, void*, const char* arg) -{ - char* base=(char*)ap_get_module_config(parms->server->module_config,&mod_shib); - size_t offset=(size_t)parms->info; - *((char**)(base + offset))=ap_pstrdup(parms->pool,arg); - return nullptr; -} - -extern "C" const char* shib_ap_set_file_slot(cmd_parms* parms, -#ifdef SHIB_APACHE_13 - char* arg1, char* arg2 -#else - void* arg1, const char* arg2 -#endif - ) -{ - ap_set_file_slot(parms, arg1, arg2); - return DECLINE_CMD; -} - -extern "C" const char* shib_table_set(cmd_parms* parms, shib_dir_config* dc, const char* arg1, const char* arg2) -{ - if (!dc->tSettings) - dc->tSettings = ap_make_table(parms->pool, 4); - ap_table_set(dc->tSettings, arg1, arg2); - return nullptr; -} - - -class ShibTargetApache : public AbstractSPRequest -#if defined(SHIBSP_HAVE_GSSAPI) && !defined(SHIB_APACHE_13) - , public GSSRequest -#endif -{ - bool m_handler; - mutable string m_body; - mutable bool m_gotBody,m_firsttime; - mutable vector m_certs; - set m_allhttp; - -public: - request_rec* m_req; - shib_dir_config* m_dc; - shib_server_config* m_sc; - shib_request_config* m_rc; - - ShibTargetApache(request_rec* req, bool handler, bool shib_check_user) - : AbstractSPRequest(SHIBSP_LOGCAT".Apache"), m_handler(handler), m_gotBody(false),m_firsttime(true) { - m_sc = (shib_server_config*)ap_get_module_config(req->server->module_config, &mod_shib); - m_dc = (shib_dir_config*)ap_get_module_config(req->per_dir_config, &mod_shib); - m_rc = (shib_request_config*)ap_get_module_config(req->request_config, &mod_shib); - m_req = req; - - setRequestURI(m_req->unparsed_uri); - - if (shib_check_user && m_dc->bUseHeaders == 1) { - // Try and see if this request was already processed, to skip spoof checking. - if (!ap_is_initial_req(m_req)) { - m_firsttime = false; - } - else if (!g_spoofKey.empty()) { - const char* hdr = ap_table_get(m_req->headers_in, "Shib-Spoof-Check"); - if (hdr && g_spoofKey == hdr) - m_firsttime=false; - } - - if (!m_firsttime) - log(SPDebug, "shib_check_user running more than once"); - } - } - virtual ~ShibTargetApache() {} - - const char* getScheme() const { - return m_sc->szScheme ? m_sc->szScheme : ap_http_method(m_req); - } - bool isSecure() const { - return HTTPRequest::isSecure(); - } - const char* getHostname() const { - return ap_get_server_name(m_req); - } - int getPort() const { - return ap_get_server_port(m_req); - } - const char* getMethod() const { - return m_req->method; - } - string getContentType() const { - const char* type = ap_table_get(m_req->headers_in, "Content-Type"); - return type ? type : ""; - } - long getContentLength() const { - return m_gotBody ? m_body.length() : m_req->remaining; - } - string getRemoteAddr() const { - string ret = AbstractSPRequest::getRemoteAddr(); - return ret.empty() ? m_req->connection->remote_ip : ret; - } - void log(SPLogLevel level, const string& msg) const { - AbstractSPRequest::log(level,msg); - ap_log_rerror( - APLOG_MARK, - (level == SPDebug ? APLOG_DEBUG : - (level == SPInfo ? APLOG_INFO : - (level == SPWarn ? APLOG_WARNING : - (level == SPError ? APLOG_ERR : APLOG_CRIT))))|APLOG_NOERRNO, - SH_AP_R(m_req), - "%s", - msg.c_str() - ); - } - const char* getQueryString() const { return m_req->args; } - const char* getRequestBody() const { - if (m_gotBody || m_req->method_number==M_GET) - return m_body.c_str(); -#ifdef SHIB_APACHE_13 - // Read the posted data - if (ap_setup_client_block(m_req, REQUEST_CHUNKED_DECHUNK) != OK) { - m_gotBody=true; - log(SPError, "Apache function (setup_client_block) failed while reading request body."); - return m_body.c_str(); - } - if (!ap_should_client_block(m_req)) { - m_gotBody=true; - log(SPError, "Apache function (should_client_block) failed while reading request body."); - return m_body.c_str(); - } - if (m_req->remaining > 1024*1024) - throw opensaml::SecurityPolicyException("Blocked request body larger than 1M size limit."); - m_gotBody=true; - int len; - char buff[HUGE_STRING_LEN]; - ap_hard_timeout("[mod_shib] getRequestBody", m_req); - while ((len=ap_get_client_block(m_req, buff, sizeof(buff))) > 0) { - ap_reset_timeout(m_req); - m_body.append(buff, len); - } - ap_kill_timeout(m_req); -#else - const char *data; - apr_size_t len; - int seen_eos = 0; - apr_bucket_brigade* bb = apr_brigade_create(m_req->pool, m_req->connection->bucket_alloc); - do { - apr_bucket *bucket; - apr_status_t rv = ap_get_brigade(m_req->input_filters, bb, AP_MODE_READBYTES, APR_BLOCK_READ, HUGE_STRING_LEN); - if (rv != APR_SUCCESS) { - log(SPError, "Apache function (ap_get_brigade) failed while reading request body."); - break; - } - - for (bucket = APR_BRIGADE_FIRST(bb); bucket != APR_BRIGADE_SENTINEL(bb); bucket = APR_BUCKET_NEXT(bucket)) { - if (APR_BUCKET_IS_EOS(bucket)) { - seen_eos = 1; - break; - } - - /* We can't do much with this. */ - if (APR_BUCKET_IS_FLUSH(bucket)) - continue; - - /* read */ - apr_bucket_read(bucket, &data, &len, APR_BLOCK_READ); - if (len > 0) - m_body.append(data, len); - } - apr_brigade_cleanup(bb); - } while (!seen_eos); - apr_brigade_destroy(bb); - m_gotBody=true; -#endif - return m_body.c_str(); - } - const char* getParameter(const char* name) const { - return AbstractSPRequest::getParameter(name); - } - vector::size_type getParameters(const char* name, vector& values) const { - return AbstractSPRequest::getParameters(name, values); - } - void clearHeader(const char* rawname, const char* cginame) { - if (m_dc->bUseHeaders == 1) { - // ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(m_req), "shib_clear_header: hdr\n"); - if (g_checkSpoofing && m_firsttime) { - if (m_allhttp.empty()) { - // First time, so populate set with "CGI" versions of client-supplied headers. -#ifdef SHIB_APACHE_13 - array_header *hdrs_arr = ap_table_elts(m_req->headers_in); - table_entry *hdrs = (table_entry *) hdrs_arr->elts; -#else - const apr_array_header_t *hdrs_arr = apr_table_elts(m_req->headers_in); - const apr_table_entry_t *hdrs = (const apr_table_entry_t *) hdrs_arr->elts; -#endif - for (int i = 0; i < hdrs_arr->nelts; ++i) { - if (!hdrs[i].key) - continue; - string cgiversion("HTTP_"); - const char* pch = hdrs[i].key; - while (*pch) { - cgiversion += (isalnum(*pch) ? toupper(*pch) : '_'); - pch++; - } - m_allhttp.insert(cgiversion); - } - } - - if (m_allhttp.count(cginame) > 0) - throw opensaml::SecurityPolicyException("Attempt to spoof header ($1) was detected.", params(1, rawname)); - } - ap_table_unset(m_req->headers_in, rawname); - ap_table_set(m_req->headers_in, rawname, g_unsetHeaderValue.c_str()); - } - } - void setHeader(const char* name, const char* value) { - if (m_dc->bUseEnvVars != 0) { - if (!m_rc) { - // this happens on subrequests - // ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(m_req), "shib_setheader: no_m_rc\n"); - m_rc = init_request_config(m_req); - } - if (!m_rc->env) - m_rc->env = ap_make_table(m_req->pool, 10); - // ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(m_req), "shib_set_env: %s=%s\n", name, value?value:"Null"); - ap_table_set(m_rc->env, name, value ? value : ""); - } - if (m_dc->bUseHeaders == 1) - ap_table_set(m_req->headers_in, name, value); - } - string getHeader(const char* name) const { - const char* hdr = ap_table_get(m_req->headers_in, name); - return string(hdr ? hdr : ""); - } - string getSecureHeader(const char* name) const { - if (m_dc->bUseEnvVars != 0) { - const char *hdr; - if (m_rc && m_rc->env) - hdr = ap_table_get(m_rc->env, name); - else - hdr = nullptr; - return string(hdr ? hdr : ""); - } - return getHeader(name); - } - void setRemoteUser(const char* user) { - SH_AP_USER(m_req) = user ? ap_pstrdup(m_req->pool, user) : nullptr; - if (m_dc->bUseHeaders == 1) { - if (user) { - ap_table_set(m_req->headers_in, "REMOTE_USER", user); - } - else { - ap_table_unset(m_req->headers_in, "REMOTE_USER"); - ap_table_set(m_req->headers_in, "REMOTE_USER", g_unsetHeaderValue.c_str()); - } - } - } - string getRemoteUser() const { - return string(SH_AP_USER(m_req) ? SH_AP_USER(m_req) : ""); - } - void setAuthType(const char* authtype) { - if (authtype && m_dc->bBasicHijack == 1) - authtype = "Basic"; - SH_AP_AUTH_TYPE(m_req) = authtype ? ap_pstrdup(m_req->pool, authtype) : nullptr; - } - string getAuthType() const { - return string(SH_AP_AUTH_TYPE(m_req) ? SH_AP_AUTH_TYPE(m_req) : ""); - } - void setContentType(const char* type) { - m_req->content_type = ap_psprintf(m_req->pool, "%s", type); - } - void setResponseHeader(const char* name, const char* value) { - HTTPResponse::setResponseHeader(name, value); -#ifdef SHIB_DEFERRED_HEADERS - if (!m_rc) - // this happens on subrequests - m_rc = init_request_config(m_req); - if (m_handler) { - if (!m_rc->hdr_out) - m_rc->hdr_out = ap_make_table(m_req->pool, 5); - ap_table_add(m_rc->hdr_out, name, value); - } - else -#endif - ap_table_add(m_req->err_headers_out, name, value); - } - long sendResponse(istream& in, long status) { - if (status != XMLTOOLING_HTTP_STATUS_OK) - m_req->status = status; - ap_send_http_header(m_req); - char buf[1024]; - while (in) { - in.read(buf,1024); - ap_rwrite(buf,in.gcount(),m_req); - } -#if (defined(SHIB_APACHE_20) || defined(SHIB_APACHE_22)) - if (status != XMLTOOLING_HTTP_STATUS_OK && status != XMLTOOLING_HTTP_STATUS_ERROR) - return status; -#endif - return DONE; - } - long sendRedirect(const char* url) { - HTTPResponse::sendRedirect(url); - ap_table_set(m_req->headers_out, "Location", url); - if (m_dc->bExpireRedirects != 0) { - ap_table_set(m_req->err_headers_out, "Expires", "Wed, 01 Jan 1997 12:00:00 GMT"); - ap_table_set(m_req->err_headers_out, "Cache-Control", "private,no-store,no-cache,max-age=0"); - } - return REDIRECT; - } - const vector& getClientCertificates() const { - if (m_certs.empty()) { - const char* cert = ap_table_get(m_req->subprocess_env, "SSL_CLIENT_CERT"); - if (cert) - m_certs.push_back(cert); - int i = 0; - do { - cert = ap_table_get(m_req->subprocess_env, ap_psprintf(m_req->pool, "SSL_CLIENT_CERT_CHAIN_%d", i++)); - if (cert) - m_certs.push_back(cert); - } while (cert); - } - return m_certs; - } - long returnDecline(void) { return DECLINED; } - long returnOK(void) { return OK; } -#if defined(SHIBSP_HAVE_GSSAPI) && !defined(SHIB_APACHE_13) - gss_ctx_id_t getGSSContext() const { - gss_ctx_id_t ctx = GSS_C_NO_CONTEXT; - apr_pool_userdata_get((void**)&ctx, g_szGSSContextKey, m_req->pool); - return ctx; - } -#endif -}; - -/********************************************************************************/ -// Apache handlers - -extern "C" int shib_check_user(request_rec* r) -{ - // Short-circuit entirely? - if (((shib_dir_config*)ap_get_module_config(r->per_dir_config, &mod_shib))->bOff==1) - return DECLINED; - - ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r), "shib_check_user(%d): ENTER", (int)getpid()); - - ostringstream threadid; - threadid << "[" << getpid() << "] shib_check_user" << '\0'; - xmltooling::NDC ndc(threadid.str().c_str()); - - try { - ShibTargetApache sta(r,false,true); - - // Check user authentication and export information, then set the handler bypass - pair res = sta.getServiceProvider().doAuthentication(sta,true); - apr_pool_userdata_setn((const void*)42,g_UserDataKey,nullptr,r->pool); - // If directed, install a spoof key to recognize when we've already cleared headers. - if (!g_spoofKey.empty() && (((shib_dir_config*)ap_get_module_config(r->per_dir_config, &mod_shib))->bUseHeaders==1)) - ap_table_set(r->headers_in, "Shib-Spoof-Check", g_spoofKey.c_str()); - if (res.first) return res.second; - - // user auth was okay -- export the assertions now - res = sta.getServiceProvider().doExport(sta); - if (res.first) return res.second; - - // export happened successfully.. this user is ok. - return OK; - } - catch (exception& e) { - ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_check_user threw an exception: %s", e.what()); - return SERVER_ERROR; - } - catch (...) { - ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_check_user threw an unknown exception!"); - if (g_catchAll) - return SERVER_ERROR; - throw; - } -} - -extern "C" int shib_handler(request_rec* r) -{ - // Short-circuit entirely? - if (((shib_dir_config*)ap_get_module_config(r->per_dir_config, &mod_shib))->bOff==1) - return DECLINED; - - ostringstream threadid; - threadid << "[" << getpid() << "] shib_handler" << '\0'; - xmltooling::NDC ndc(threadid.str().c_str()); - -#ifndef SHIB_APACHE_13 - // With 2.x, this handler always runs, though last. - // We check if shib_check_user ran, because it will detect a handler request - // and dispatch it directly. - void* data; - apr_pool_userdata_get(&data,g_UserDataKey,r->pool); - if (data==(const void*)42) { - ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r),"shib_handler skipped since check_user ran"); - return DECLINED; - } -#endif - - ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r),"shib_handler(%d): ENTER: %s", (int)getpid(), r->handler); - - try { - ShibTargetApache sta(r,true,false); - - pair res = sta.getServiceProvider().doHandler(sta); - if (res.first) return res.second; - - ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "doHandler() did not do anything."); - return SERVER_ERROR; - } - catch (exception& e) { - ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_handler threw an exception: %s", e.what()); - return SERVER_ERROR; - } - catch (...) { - ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_handler threw an unknown exception!"); - if (g_catchAll) - return SERVER_ERROR; - throw; - } -} - -/* - * shib_auth_checker() -- a simple resource manager to - * process the .htaccess settings - */ -extern "C" int shib_auth_checker(request_rec* r) -{ - // Short-circuit entirely? - if (((shib_dir_config*)ap_get_module_config(r->per_dir_config, &mod_shib))->bOff==1) - return DECLINED; - - ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r), "shib_auth_checker(%d): ENTER", (int)getpid()); - - ostringstream threadid; - threadid << "[" << getpid() << "] shib_auth_checker" << '\0'; - xmltooling::NDC ndc(threadid.str().c_str()); - - try { - ShibTargetApache sta(r,false,false); - - pair res = sta.getServiceProvider().doAuthorization(sta); - if (res.first) return res.second; - - // The SP method should always return true, so if we get this far, something unusual happened. - // Just let Apache (or some other module) decide what to do. - return DECLINED; - } - catch (exception& e) { - ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_auth_checker threw an exception: %s", e.what()); - return SERVER_ERROR; - } - catch (...) { - ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_auth_checker threw an unknown exception!"); - if (g_catchAll) - return SERVER_ERROR; - throw; - } -} - -// Access control plugin that enforces htaccess rules -class htAccessControl : virtual public AccessControl -{ -public: - htAccessControl() {} - ~htAccessControl() {} - Lockable* lock() {return this;} - void unlock() {} - aclresult_t authorized(const SPRequest& request, const Session* session) const; -private: - bool checkAttribute(const SPRequest& request, const Attribute* attr, const char* toMatch, RegularExpression* re) const; -}; - -AccessControl* htAccessFactory(const xercesc::DOMElement* const & e) -{ - return new htAccessControl(); -} - -class ApacheRequestMapper : public virtual RequestMapper, public virtual PropertySet -{ -public: - ApacheRequestMapper(const xercesc::DOMElement* e); - ~ApacheRequestMapper() { delete m_mapper; delete m_htaccess; delete m_staKey; delete m_propsKey; } - Lockable* lock() { return m_mapper->lock(); } - void unlock() { m_staKey->setData(nullptr); m_propsKey->setData(nullptr); m_mapper->unlock(); } - Settings getSettings(const HTTPRequest& request) const; - - const PropertySet* getParent() const { return nullptr; } - void setParent(const PropertySet*) {} - pair getBool(const char* name, const char* ns=nullptr) const; - pair getString(const char* name, const char* ns=nullptr) const; - pair getXMLString(const char* name, const char* ns=nullptr) const; - pair getUnsignedInt(const char* name, const char* ns=nullptr) const; - pair getInt(const char* name, const char* ns=nullptr) const; - void getAll(map& properties) const; - const PropertySet* getPropertySet(const char* name, const char* ns=shibspconstants::ASCII_SHIB2SPCONFIG_NS) const; - const xercesc::DOMElement* getElement() const; - -private: - RequestMapper* m_mapper; - ThreadKey* m_staKey; - ThreadKey* m_propsKey; - AccessControl* m_htaccess; -}; - -RequestMapper* ApacheRequestMapFactory(const xercesc::DOMElement* const & e) -{ - return new ApacheRequestMapper(e); -} - -ApacheRequestMapper::ApacheRequestMapper(const xercesc::DOMElement* e) : m_mapper(nullptr), m_staKey(nullptr), m_propsKey(nullptr), m_htaccess(nullptr) -{ - m_mapper=SPConfig::getConfig().RequestMapperManager.newPlugin(XML_REQUEST_MAPPER,e); - m_htaccess=new htAccessControl(); - m_staKey=ThreadKey::create(nullptr); - m_propsKey=ThreadKey::create(nullptr); -} - -RequestMapper::Settings ApacheRequestMapper::getSettings(const HTTPRequest& request) const -{ - Settings s=m_mapper->getSettings(request); - m_staKey->setData((void*)dynamic_cast(&request)); - m_propsKey->setData((void*)s.first); - return pair(this,s.second ? s.second : m_htaccess); -} - -pair ApacheRequestMapper::getBool(const char* name, const char* ns) const -{ - const ShibTargetApache* sta=reinterpret_cast(m_staKey->getData()); - const PropertySet* s=reinterpret_cast(m_propsKey->getData()); - if (sta && !ns) { - // Override Apache-settable boolean properties. - if (name && !strcmp(name,"requireSession") && sta->m_dc->bRequireSession != -1) - return make_pair(true, sta->m_dc->bRequireSession==1); - else if (name && !strcmp(name,"exportAssertion") && sta->m_dc->bExportAssertion != -1) - return make_pair(true, sta->m_dc->bExportAssertion==1); - else if (sta->m_dc->tSettings) { - const char* prop = ap_table_get(sta->m_dc->tSettings, name); - if (prop) - return make_pair(true, !strcmp(prop, "true") || !strcmp(prop, "1") || !strcmp(prop, "On")); - } - } - return s ? s->getBool(name,ns) : make_pair(false,false); -} - -pair ApacheRequestMapper::getString(const char* name, const char* ns) const -{ - const ShibTargetApache* sta=reinterpret_cast(m_staKey->getData()); - const PropertySet* s=reinterpret_cast(m_propsKey->getData()); - if (sta && !ns) { - // Override Apache-settable string properties. - if (name && !strcmp(name,"authType")) { - const char *auth_type=ap_auth_type(sta->m_req); - if (auth_type) { - // Check for Basic Hijack - if (!strcasecmp(auth_type, "basic") && sta->m_dc->bBasicHijack == 1) - auth_type = "shibboleth"; - return make_pair(true,auth_type); - } - } - else if (name && !strcmp(name,"applicationId") && sta->m_dc->szApplicationId) - return pair(true,sta->m_dc->szApplicationId); - else if (name && !strcmp(name,"requireSessionWith") && sta->m_dc->szRequireWith) - return pair(true,sta->m_dc->szRequireWith); - else if (name && !strcmp(name,"redirectToSSL") && sta->m_dc->szRedirectToSSL) - return pair(true,sta->m_dc->szRedirectToSSL); - else if (sta->m_dc->tSettings) { - const char* prop = ap_table_get(sta->m_dc->tSettings, name); - if (prop) - return make_pair(true, prop); - } - } - return s ? s->getString(name,ns) : pair(false,nullptr); -} - -pair ApacheRequestMapper::getXMLString(const char* name, const char* ns) const -{ - const PropertySet* s=reinterpret_cast(m_propsKey->getData()); - return s ? s->getXMLString(name,ns) : pair(false,nullptr); -} - -pair ApacheRequestMapper::getUnsignedInt(const char* name, const char* ns) const -{ - const ShibTargetApache* sta=reinterpret_cast(m_staKey->getData()); - const PropertySet* s=reinterpret_cast(m_propsKey->getData()); - if (sta && !ns) { - // Override Apache-settable int properties. - if (name && !strcmp(name,"redirectToSSL") && sta->m_dc->szRedirectToSSL) - return pair(true, strtol(sta->m_dc->szRedirectToSSL, nullptr, 10)); - else if (sta->m_dc->tSettings) { - const char* prop = ap_table_get(sta->m_dc->tSettings, name); - if (prop) - return pair(true, atoi(prop)); - } - } - return s ? s->getUnsignedInt(name,ns) : pair(false,0); -} - -pair ApacheRequestMapper::getInt(const char* name, const char* ns) const -{ - const ShibTargetApache* sta=reinterpret_cast(m_staKey->getData()); - const PropertySet* s=reinterpret_cast(m_propsKey->getData()); - if (sta && !ns) { - // Override Apache-settable int properties. - if (name && !strcmp(name,"redirectToSSL") && sta->m_dc->szRedirectToSSL) - return pair(true,atoi(sta->m_dc->szRedirectToSSL)); - else if (sta->m_dc->tSettings) { - const char* prop = ap_table_get(sta->m_dc->tSettings, name); - if (prop) - return make_pair(true, atoi(prop)); - } - } - return s ? s->getInt(name,ns) : pair(false,0); -} - -static int _rm_get_all_table_walk(void *v, const char *key, const char *value) -{ - reinterpret_cast*>(v)->insert(pair(key, value)); - return 1; -} - -void ApacheRequestMapper::getAll(map& properties) const -{ - const ShibTargetApache* sta=reinterpret_cast(m_staKey->getData()); - const PropertySet* s=reinterpret_cast(m_propsKey->getData()); - - if (s) - s->getAll(properties); - if (!sta) - return; - - const char* auth_type=ap_auth_type(sta->m_req); - if (auth_type) { - // Check for Basic Hijack - if (!strcasecmp(auth_type, "basic") && sta->m_dc->bBasicHijack == 1) - auth_type = "shibboleth"; - properties["authType"] = auth_type; - } - - if (sta->m_dc->szApplicationId) - properties["applicationId"] = sta->m_dc->szApplicationId; - if (sta->m_dc->szRequireWith) - properties["requireSessionWith"] = sta->m_dc->szRequireWith; - if (sta->m_dc->szRedirectToSSL) - properties["redirectToSSL"] = sta->m_dc->szRedirectToSSL; - if (sta->m_dc->bRequireSession != 0) - properties["requireSession"] = (sta->m_dc->bRequireSession==1) ? "true" : "false"; - if (sta->m_dc->bExportAssertion != 0) - properties["exportAssertion"] = (sta->m_dc->bExportAssertion==1) ? "true" : "false"; - - if (sta->m_dc->tSettings) - ap_table_do(_rm_get_all_table_walk, &properties, sta->m_dc->tSettings, NULL); -} - -const PropertySet* ApacheRequestMapper::getPropertySet(const char* name, const char* ns) const -{ - const PropertySet* s=reinterpret_cast(m_propsKey->getData()); - return s ? s->getPropertySet(name,ns) : nullptr; -} - -const xercesc::DOMElement* ApacheRequestMapper::getElement() const -{ - const PropertySet* s=reinterpret_cast(m_propsKey->getData()); - return s ? s->getElement() : nullptr; -} - -static SH_AP_TABLE* groups_for_user(request_rec* r, const char* user, char* grpfile) -{ - SH_AP_CONFIGFILE* f; - SH_AP_TABLE* grps=ap_make_table(r->pool,15); - char l[MAX_STRING_LEN]; - const char *group_name, *ll, *w; - -#ifdef SHIB_APACHE_13 - if (!(f=ap_pcfg_openfile(r->pool,grpfile))) { -#else - if (ap_pcfg_openfile(&f,r->pool,grpfile) != APR_SUCCESS) { -#endif - ap_log_rerror(APLOG_MARK,APLOG_DEBUG,SH_AP_R(r),"groups_for_user() could not open group file: %s\n",grpfile); - return nullptr; - } - - SH_AP_POOL* sp; -#ifdef SHIB_APACHE_13 - sp=ap_make_sub_pool(r->pool); -#else - if (apr_pool_create(&sp,r->pool) != APR_SUCCESS) { - ap_log_rerror(APLOG_MARK,APLOG_ERR,0,r, - "groups_for_user() could not create a subpool"); - return nullptr; - } -#endif - - while (!(ap_cfg_getline(l,MAX_STRING_LEN,f))) { - if ((*l=='#') || (!*l)) - continue; - ll = l; - ap_clear_pool(sp); - - group_name=ap_getword(sp,&ll,':'); - - while (*ll) { - w=ap_getword_conf(sp,&ll); - if (!strcmp(w,user)) { - ap_table_setn(grps,ap_pstrdup(r->pool,group_name),"in"); - break; - } - } - } - ap_cfg_closefile(f); - ap_destroy_pool(sp); - return grps; -} - -bool htAccessControl::checkAttribute(const SPRequest& request, const Attribute* attr, const char* toMatch, RegularExpression* re) const -{ - bool caseSensitive = attr->isCaseSensitive(); - const vector& vals = attr->getSerializedValues(); - for (vector::const_iterator v=vals.begin(); v!=vals.end(); ++v) { - if (re) { - auto_arrayptr trans(fromUTF8(v->c_str())); - if (re->matches(trans.get())) { - if (request.isPriorityEnabled(SPRequest::SPDebug)) - request.log(SPRequest::SPDebug, string("htaccess: expecting regexp ") + toMatch + ", got " + *v + ": acccepted"); - return true; - } - } - else if ((caseSensitive && *v == toMatch) || (!caseSensitive && !strcasecmp(v->c_str(), toMatch))) { - if (request.isPriorityEnabled(SPRequest::SPDebug)) - request.log(SPRequest::SPDebug, string("htaccess: expecting ") + toMatch + ", got " + *v + ": accepted"); - return true; - } - else if (request.isPriorityEnabled(SPRequest::SPDebug)) { - request.log(SPRequest::SPDebug, string("htaccess: expecting ") + toMatch + ", got " + *v + ": rejected"); - } - } - return false; -} - -AccessControl::aclresult_t htAccessControl::authorized(const SPRequest& request, const Session* session) const -{ - // Make sure the object is our type. - const ShibTargetApache* sta=dynamic_cast(&request); - if (!sta) - throw ConfigurationException("Request wrapper object was not of correct type."); - - int m=sta->m_req->method_number; - bool method_restricted=false; - const char *t, *w; - - const array_header* reqs_arr=ap_requires(sta->m_req); - if (!reqs_arr) - return shib_acl_indeterminate; // should never happen - - // Check for an "embedded" AccessControl plugin. - if (sta->m_dc->szAccessControl) { - aclresult_t result = shib_acl_false; - try { - ifstream aclfile(sta->m_dc->szAccessControl); - xercesc::DOMDocument* acldoc = XMLToolingConfig::getConfig().getParser().parse(aclfile); - XercesJanitor docjanitor(acldoc); - static XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e); - string t(XMLHelper::getAttrString(acldoc ? acldoc->getDocumentElement() : nullptr, nullptr, _type)); - if (t.empty()) - throw ConfigurationException("Missing type attribute in AccessControl plugin configuration."); - auto_ptr aclplugin(SPConfig::getConfig().AccessControlManager.newPlugin(t.c_str(), acldoc->getDocumentElement())); - Locker acllock(aclplugin.get()); - result = aclplugin->authorized(request, session); - } - catch (exception& ex) { - request.log(SPRequest::SPError, ex.what()); - } - - if (result == shib_acl_true && sta->m_dc->bRequireAll != 1) { - // If we're not insisting that all rules be met, then we're done. - request.log(SPRequest::SPDebug, "htaccess: embedded AccessControl plugin was successful, granting access"); - return shib_acl_true; - } - else if (result != shib_acl_true && sta->m_dc->bRequireAll == 1) { - // If we're insisting that all rules be met, which is not something Apache really handles well, - // then we either return false or indeterminate based on the authoritative option, which defaults on. - if (sta->m_dc->bAuthoritative != 0) { - request.log(SPRequest::SPDebug, "htaccess: embedded AccessControl plugin was unsuccessful, denying access"); - return shib_acl_false; - } - - request.log(SPRequest::SPDebug, "htaccess: embedded AccessControl plugin was unsuccessful but not authoritative, leaving it up to Apache"); - return shib_acl_indeterminate; - } - } - - - require_line* reqs=(require_line*)reqs_arr->elts; - - for (int x=0; xnelts; x++) { - // This rule should be completely ignored, the method doesn't fit. - // The rule just doesn't exist for our purposes. - if (!(reqs[x].method_mask & (1 << m))) - continue; - - method_restricted=true; // this lets us know at the end that at least one rule was potentially enforcable. - - // Tracks status of this rule's evaluation. - bool status = false; - - string remote_user = request.getRemoteUser(); - - t = reqs[x].requirement; - w = ap_getword_white(sta->m_req->pool, &t); - - if (!strcasecmp(w,"shibboleth")) { - // This is a dummy rule needed because Apache conflates authn and authz. - // Without some require rule, AuthType is ignored and no check_user hooks run. - - // We evaluate to false if ShibAccessControl is used and ShibRequireAll is off. - // This allows actual rules to dictate the result, since ShibAccessControl returned - // non-true, and if nothing else is used, access will be denied. - if (!sta->m_dc->szAccessControl || sta->m_dc->bRequireAll == 1) { - // We evaluate to true, because ShibRequireAll is enabled (so a true is just a no-op) - // or because there was no other AccessControl rule in place, so this may be the only - // rule in effect. - status = true; - } - } - else if (!strcmp(w,"valid-user") && session) { - request.log(SPRequest::SPDebug, "htaccess: accepting valid-user based on active session"); - status = true; - } - else if (!strcmp(w,"user") && !remote_user.empty()) { - bool regexp = false; - while (*t) { - w = ap_getword_conf(sta->m_req->pool,&t); - if (*w == '~') { - regexp = true; - continue; - } - else if (*w == '!') { - // A negated rule presumes success unless a match is found. - status = true; - if (*(w+1) == '~') - regexp = true; - continue; - } - - // Figure out if there's a match. - bool match = false; - if (regexp) { - try { - // To do regex matching, we have to convert from UTF-8. - auto_arrayptr trans(fromUTF8(w)); - RegularExpression re(trans.get()); - auto_arrayptr trans2(fromUTF8(remote_user.c_str())); - match = re.matches(trans2.get()); - } - catch (XMLException& ex) { - auto_ptr_char tmp(ex.getMessage()); - request.log(SPRequest::SPError, - string("htaccess plugin caught exception while parsing regular expression (") + w + "): " + tmp.get()); - } - } - else if (remote_user == w) { - match = true; - } - - if (match) { - // If we matched, then we're done with this rule either way and we flip status to reflect the outcome. - status = !status; - if (request.isPriorityEnabled(SPRequest::SPDebug)) - request.log(SPRequest::SPDebug, - string("htaccess: require user ") + (!status ? "rejecting (" : "accepting (") + remote_user + ")"); - break; - } - } - } - else if (!strcmp(w,"group") && !remote_user.empty()) { - SH_AP_TABLE* grpstatus = nullptr; - if (sta->m_dc->szAuthGrpFile) { - if (request.isPriorityEnabled(SPRequest::SPDebug)) - request.log(SPRequest::SPDebug,string("htaccess plugin using groups file: ") + sta->m_dc->szAuthGrpFile); - grpstatus = groups_for_user(sta->m_req,remote_user.c_str(),sta->m_dc->szAuthGrpFile); - } - - while (*t) { - w = ap_getword_conf(sta->m_req->pool,&t); - if (*w == '!') { - // A negated rule presumes success unless a match is found. - status = true; - continue; - } - - if (grpstatus && ap_table_get(grpstatus,w)) { - // If we matched, then we're done with this rule either way and we flip status to reflect the outcome. - status = !status; - request.log(SPRequest::SPDebug, string("htaccess: require group ") + (!status ? "rejecting (" : "accepting (") + w + ")"); - break; - } - } - } - else if (!strcmp(w,"authnContextClassRef") || !strcmp(w,"authnContextDeclRef")) { - const char* ref = !strcmp(w,"authnContextClassRef") ? session->getAuthnContextClassRef() : session->getAuthnContextDeclRef(); - if (ref && *ref) { - bool regexp = false; - while (ref && *t) { - w = ap_getword_conf(sta->m_req->pool,&t); - if (*w == '~') { - regexp=true; - continue; - } - else if (*w == '!') { - // A negated rule presumes success unless a match is found. - status = true; - if (*(w+1)=='~') - regexp = true; - continue; - } - - // Figure out if there's a match. - bool match = false; - if (regexp) { - try { - // To do regex matching, we have to convert from UTF-8. - RegularExpression re(w); - match = re.matches(ref); - } - catch (XMLException& ex) { - auto_ptr_char tmp(ex.getMessage()); - request.log(SPRequest::SPError, - string("htaccess plugin caught exception while parsing regular expression (") + w + "): " + tmp.get()); - } - } - else if (!strcmp(w,ref)) { - match = true; - } - - if (match) { - // If we matched, then we're done with this rule either way and we flip status to reflect the outcome. - status = !status; - if (request.isPriorityEnabled(SPRequest::SPDebug)) - request.log(SPRequest::SPDebug, - string("htaccess: require authnContext ") + (!status ? "rejecting (" : "accepting (") + ref + ")"); - break; - } - } - } - else if (request.isPriorityEnabled(SPRequest::SPDebug)) { - request.log(SPRequest::SPDebug, "htaccess: require authnContext rejecting session with no context associated"); - } - } - else if (!session) { - request.log(SPRequest::SPError, string("htaccess: require ") + w + " not given a valid session, are you using lazy sessions?"); - } - else { - // Find the attribute(s) matching the require rule. - pair::const_iterator,multimap::const_iterator> attrs = - session->getIndexedAttributes().equal_range(w); - - bool regexp=false; - while (!status && attrs.first!=attrs.second && *t) { - w=ap_getword_conf(sta->m_req->pool,&t); - if (*w=='~') { - regexp=true; - continue; - } - - try { - auto_ptr re; - if (regexp) { - delete re.release(); - auto_arrayptr trans(fromUTF8(w)); - auto_ptr temp(new xercesc::RegularExpression(trans.get())); - re=temp; - } - - pair::const_iterator,multimap::const_iterator> attrs2(attrs); - for (; !status && attrs2.first!=attrs2.second; ++attrs2.first) { - if (checkAttribute(request, attrs2.first->second, w, regexp ? re.get() : nullptr)) { - status = true; - } - } - } - catch (XMLException& ex) { - auto_ptr_char tmp(ex.getMessage()); - request.log(SPRequest::SPError, - string("htaccess plugin caught exception while parsing regular expression (") + w + "): " + tmp.get() - ); - } - } - } - - // If status is false, we found a rule we couldn't satisfy. - // Could be an unknown rule to us, or it just didn't match. - - if (status && sta->m_dc->bRequireAll != 1) { - // If we're not insisting that all rules be met, then we're done. - request.log(SPRequest::SPDebug, "htaccess: a rule was successful, granting access"); - return shib_acl_true; - } - else if (!status && sta->m_dc->bRequireAll == 1) { - // If we're insisting that all rules be met, which is not something Apache really handles well, - // then we either return false or indeterminate based on the authoritative option, which defaults on. - if (sta->m_dc->bAuthoritative != 0) { - request.log(SPRequest::SPDebug, "htaccess: a rule was unsuccessful, denying access"); - return shib_acl_false; - } - - request.log(SPRequest::SPDebug, "htaccess: a rule was unsuccessful but not authoritative, leaving it up to Apache"); - return shib_acl_indeterminate; - } - - // Otherwise, we keep going. If we're requring all, then we have to check every rule. - // If not we just didn't find a successful rule yet, so we keep going anyway. - } - - // If we get here, we either "failed" or we're in require all mode (but not both). - // If no rules possibly apply or we insisted that all rules check out, then we're good. - if (!method_restricted) { - request.log(SPRequest::SPDebug, "htaccess: no rules applied to this request method, granting access"); - return shib_acl_true; - } - else if (sta->m_dc->bRequireAll == 1) { - request.log(SPRequest::SPDebug, "htaccess: all rules successful, granting access"); - return shib_acl_true; - } - else if (sta->m_dc->bAuthoritative != 0) { - request.log(SPRequest::SPDebug, "htaccess: no rules were successful, denying access"); - return shib_acl_false; - } - - request.log(SPRequest::SPDebug, "htaccess: no rules were successful but not authoritative, leaving it up to Apache"); - return shib_acl_indeterminate; -} - - -// Initial look at a request - create the per-request structure -static int shib_post_read(request_rec *r) -{ - init_request_config(r); - //ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r), "shib_post_read"); - return DECLINED; -} - -// fixups: set environment vars - -extern "C" int shib_fixups(request_rec* r) -{ - shib_request_config *rc = (shib_request_config*)ap_get_module_config(r->request_config, &mod_shib); - shib_dir_config *dc = (shib_dir_config*)ap_get_module_config(r->per_dir_config, &mod_shib); - if (dc->bOff==1 || dc->bUseEnvVars==0) - return DECLINED; - - ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r), "shib_fixup(%d): ENTER", (int)getpid()); - - if (rc==nullptr || rc->env==nullptr || ap_is_empty_table(rc->env)) - return DECLINED; - - ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r), "shib_fixup adding %d vars", ap_table_elts(rc->env)->nelts); - r->subprocess_env = ap_overlay_tables(r->pool, r->subprocess_env, rc->env); - - return OK; -} - -#ifdef SHIB_APACHE_13 -/* - * shib_child_exit() - * Cleanup the (per-process) pool info. - */ -extern "C" void shib_child_exit(server_rec* s, SH_AP_POOL* p) -{ - if (g_Config) { - ap_log_error(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(s),"shib_child_exit(%d) dealing with g_Config..", (int)getpid()); - g_Config->term(); - g_Config = nullptr; - ap_log_error(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(s),"shib_child_exit() done"); - } -} -#else -/* - * shib_exit() - * Apache 2.x doesn't allow for per-child cleanup, causes CGI forks to hang. - */ -extern "C" apr_status_t shib_exit(void* data) -{ - if (g_Config) { - g_Config->term(); - g_Config = nullptr; - } - ap_log_error(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,0,nullptr,"shib_exit() done"); - return OK; -} -#endif - -/* - * shire_child_init() - * Things to do when the child process is initialized. - * (or after the configs are read in apache-2) - */ -#ifdef SHIB_APACHE_13 -extern "C" void shib_child_init(server_rec* s, SH_AP_POOL* p) -#else -extern "C" void shib_child_init(apr_pool_t* p, server_rec* s) -#endif -{ - // Initialize runtime components. - - ap_log_error(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(s),"shib_child_init(%d) starting", (int)getpid()); - - if (g_Config) { - ap_log_error(APLOG_MARK,APLOG_ERR|APLOG_NOERRNO,SH_AP_R(s),"shib_child_init() already initialized!"); - exit(1); - } - - g_Config=&SPConfig::getConfig(); - g_Config->setFeatures( - SPConfig::Listener | - SPConfig::Caching | - SPConfig::RequestMapping | - SPConfig::InProcess | - SPConfig::Logging | - SPConfig::Handlers - ); - if (!g_Config->init(g_szSchemaDir, g_szPrefix)) { - ap_log_error(APLOG_MARK,APLOG_CRIT|APLOG_NOERRNO,SH_AP_R(s),"shib_child_init() failed to initialize libraries"); - exit(1); - } - g_Config->AccessControlManager.registerFactory(HT_ACCESS_CONTROL,&htAccessFactory); - g_Config->RequestMapperManager.registerFactory(NATIVE_REQUEST_MAPPER,&ApacheRequestMapFactory); - - try { - if (!g_Config->instantiate(g_szSHIBConfig, true)) - throw runtime_error("unknown error"); - } - catch (exception& ex) { - ap_log_error(APLOG_MARK,APLOG_CRIT|APLOG_NOERRNO,SH_AP_R(s),"%s",ex.what()); - ap_log_error(APLOG_MARK,APLOG_CRIT|APLOG_NOERRNO,SH_AP_R(s),"shib_child_init() failed to load configuration"); - exit(1); - } - - ServiceProvider* sp=g_Config->getServiceProvider(); - xmltooling::Locker locker(sp); - const PropertySet* props=sp->getPropertySet("InProcess"); - if (props) { - pair unsetValue=props->getString("unsetHeaderValue"); - if (unsetValue.first) - g_unsetHeaderValue = unsetValue.second; - pair flag=props->getBool("checkSpoofing"); - g_checkSpoofing = !flag.first || flag.second; - if (g_checkSpoofing) { - unsetValue=props->getString("spoofKey"); - if (unsetValue.first) - g_spoofKey = unsetValue.second; - } - flag=props->getBool("catchAll"); - g_catchAll = flag.first && flag.second; - } - - // Set the cleanup handler - apr_pool_cleanup_register(p, nullptr, &shib_exit, apr_pool_cleanup_null); - - ap_log_error(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(s),"shib_child_init() done"); -} - -// Output filters -#ifdef SHIB_DEFERRED_HEADERS -static void set_output_filter(request_rec *r) -{ - ap_add_output_filter("SHIB_HEADERS_OUT", nullptr, r, r->connection); -} - -static void set_error_filter(request_rec *r) -{ - ap_add_output_filter("SHIB_HEADERS_ERR", nullptr, r, r->connection); -} - -static int _table_add(void *v, const char *key, const char *value) -{ - apr_table_addn((apr_table_t*)v, key, value); - return 1; -} - -static apr_status_t do_output_filter(ap_filter_t *f, apr_bucket_brigade *in) -{ - request_rec *r = f->r; - shib_request_config *rc = (shib_request_config*) ap_get_module_config(r->request_config, &mod_shib); - - if (rc && rc->hdr_out) { - ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r),"shib_out_filter: merging %d headers", apr_table_elts(rc->hdr_out)->nelts); - // can't use overlap call because it will collapse Set-Cookie headers - //apr_table_overlap(r->headers_out, rc->hdr_out, APR_OVERLAP_TABLES_MERGE); - apr_table_do(_table_add,r->headers_out, rc->hdr_out,NULL); - } - - /* remove ourselves from the filter chain */ - ap_remove_output_filter(f); - - /* send the data up the stack */ - return ap_pass_brigade(f->next,in); -} - -static apr_status_t do_error_filter(ap_filter_t *f, apr_bucket_brigade *in) -{ - request_rec *r = f->r; - shib_request_config *rc = (shib_request_config*) ap_get_module_config(r->request_config, &mod_shib); - - if (rc && rc->hdr_out) { - ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r),"shib_err_filter: merging %d headers", apr_table_elts(rc->hdr_out)->nelts); - // can't use overlap call because it will collapse Set-Cookie headers - //apr_table_overlap(r->err_headers_out, rc->hdr_out, APR_OVERLAP_TABLES_MERGE); - apr_table_do(_table_add,r->err_headers_out, rc->hdr_out,NULL); - } - - /* remove ourselves from the filter chain */ - ap_remove_output_filter(f); - - /* send the data up the stack */ - return ap_pass_brigade(f->next,in); -} -#endif // SHIB_DEFERRED_HEADERS - -typedef const char* (*config_fn_t)(void); - -#ifdef SHIB_APACHE_13 - -// SHIB Module commands - -static command_rec shire_cmds[] = { - {"ShibPrefix", (config_fn_t)ap_set_global_string_slot, &g_szPrefix, - RSRC_CONF, TAKE1, "Shibboleth installation directory"}, - {"ShibConfig", (config_fn_t)ap_set_global_string_slot, &g_szSHIBConfig, - RSRC_CONF, TAKE1, "Path to shibboleth2.xml config file"}, - {"ShibCatalogs", (config_fn_t)ap_set_global_string_slot, &g_szSchemaDir, - RSRC_CONF, TAKE1, "Paths of XML schema catalogs"}, - - {"ShibURLScheme", (config_fn_t)shib_set_server_string_slot, - (void *) XtOffsetOf (shib_server_config, szScheme), - RSRC_CONF, TAKE1, "URL scheme to force into generated URLs for a vhost"}, - - {"ShibRequestSetting", (config_fn_t)shib_table_set, nullptr, - OR_AUTHCFG, TAKE2, "Set arbitrary Shibboleth request property for content"}, - - {"ShibAccessControl", (config_fn_t)ap_set_string_slot, - (void *) XtOffsetOf (shib_dir_config, szAccessControl), - OR_AUTHCFG, TAKE1, "Set arbitrary Shibboleth access control plugin for content"}, - - {"ShibDisable", (config_fn_t)ap_set_flag_slot, - (void *) XtOffsetOf (shib_dir_config, bOff), - OR_AUTHCFG, FLAG, "Disable all Shib module activity here to save processing effort"}, - {"ShibApplicationId", (config_fn_t)ap_set_string_slot, - (void *) XtOffsetOf (shib_dir_config, szApplicationId), - OR_AUTHCFG, TAKE1, "Set Shibboleth applicationId property for content"}, - {"ShibBasicHijack", (config_fn_t)ap_set_flag_slot, - (void *) XtOffsetOf (shib_dir_config, bBasicHijack), - OR_AUTHCFG, FLAG, "(DEPRECATED) Respond to AuthType Basic and convert to shibboleth"}, - {"ShibRequireSession", (config_fn_t)ap_set_flag_slot, - (void *) XtOffsetOf (shib_dir_config, bRequireSession), - OR_AUTHCFG, FLAG, "Initiates a new session if one does not exist"}, - {"ShibRequireSessionWith", (config_fn_t)ap_set_string_slot, - (void *) XtOffsetOf (shib_dir_config, szRequireWith), - OR_AUTHCFG, TAKE1, "Initiates a new session if one does not exist using a specific SessionInitiator"}, - {"ShibExportAssertion", (config_fn_t)ap_set_flag_slot, - (void *) XtOffsetOf (shib_dir_config, bExportAssertion), - OR_AUTHCFG, FLAG, "Export SAML attribute assertion(s) to Shib-Attributes header"}, - {"ShibRedirectToSSL", (config_fn_t)ap_set_string_slot, - (void *) XtOffsetOf (shib_dir_config, szRedirectToSSL), - OR_AUTHCFG, TAKE1, "Redirect non-SSL requests to designated port" }, - {"AuthGroupFile", (config_fn_t)shib_ap_set_file_slot, - (void *) XtOffsetOf (shib_dir_config, szAuthGrpFile), - OR_AUTHCFG, TAKE1, "text file containing group names and member user IDs"}, - {"ShibRequireAll", (config_fn_t)ap_set_flag_slot, - (void *) XtOffsetOf (shib_dir_config, bRequireAll), - OR_AUTHCFG, FLAG, "All require directives must match"}, - {"AuthzShibAuthoritative", (config_fn_t)ap_set_flag_slot, - (void *) XtOffsetOf (shib_dir_config, bAuthoritative), - OR_AUTHCFG, FLAG, "Allow failed mod_shib htaccess authorization to fall through to other modules"}, - {"ShibUseEnvironment", (config_fn_t)ap_set_flag_slot, - (void *) XtOffsetOf (shib_dir_config, bUseEnvVars), - OR_AUTHCFG, FLAG, "Export attributes using environment variables (default)"}, - {"ShibUseHeaders", (config_fn_t)ap_set_flag_slot, - (void *) XtOffsetOf (shib_dir_config, bUseHeaders), - OR_AUTHCFG, FLAG, "Export attributes using custom HTTP headers"}, - {"ShibExpireRedirects", (config_fn_t)ap_set_flag_slot, - (void *) XtOffsetOf (shib_dir_config, bExpireRedirects), - OR_AUTHCFG, FLAG, "Expire SP-generated redirects"}, - - {nullptr} -}; - -extern "C"{ -handler_rec shib_handlers[] = { - { "shib-handler", shib_handler }, - { nullptr } -}; - -module MODULE_VAR_EXPORT mod_shib = { - STANDARD_MODULE_STUFF, - nullptr, /* initializer */ - create_shib_dir_config, /* dir config creater */ - merge_shib_dir_config, /* dir merger --- default is to override */ - create_shib_server_config, /* server config */ - merge_shib_server_config, /* merge server config */ - shire_cmds, /* command table */ - shib_handlers, /* handlers */ - nullptr, /* filename translation */ - shib_check_user, /* check_user_id */ - shib_auth_checker, /* check auth */ - nullptr, /* check access */ - nullptr, /* type_checker */ - shib_fixups, /* fixups */ - nullptr, /* logger */ - nullptr, /* header parser */ - shib_child_init, /* child_init */ - shib_child_exit, /* child_exit */ - shib_post_read /* post read-request */ -}; - -#elif defined(SHIB_APACHE_20) || defined(SHIB_APACHE_22) - -//static const char * const authnPre[] = { "mod_gss.c", nullptr }; - -extern "C" void shib_register_hooks (apr_pool_t *p) -{ -#ifdef SHIB_DEFERRED_HEADERS - ap_register_output_filter("SHIB_HEADERS_OUT", do_output_filter, nullptr, AP_FTYPE_CONTENT_SET); - ap_hook_insert_filter(set_output_filter, nullptr, nullptr, APR_HOOK_LAST); - ap_register_output_filter("SHIB_HEADERS_ERR", do_error_filter, nullptr, AP_FTYPE_CONTENT_SET); - ap_hook_insert_error_filter(set_error_filter, nullptr, nullptr, APR_HOOK_LAST); - ap_hook_post_read_request(shib_post_read, nullptr, nullptr, APR_HOOK_MIDDLE); -#endif - ap_hook_child_init(shib_child_init, nullptr, nullptr, APR_HOOK_MIDDLE); - const char* prereq = getenv("SHIBSP_APACHE_PREREQ"); - if (prereq && *prereq) { - const char* const authnPre[] = { prereq, nullptr }; - ap_hook_check_user_id(shib_check_user, authnPre, nullptr, APR_HOOK_MIDDLE); - } - else { - ap_hook_check_user_id(shib_check_user, nullptr, nullptr, APR_HOOK_MIDDLE); - } - ap_hook_auth_checker(shib_auth_checker, nullptr, nullptr, APR_HOOK_FIRST); - ap_hook_handler(shib_handler, nullptr, nullptr, APR_HOOK_LAST); - ap_hook_fixups(shib_fixups, nullptr, nullptr, APR_HOOK_MIDDLE); -} - -// SHIB Module commands - -extern "C" { -static command_rec shib_cmds[] = { - AP_INIT_TAKE1("ShibPrefix", (config_fn_t)ap_set_global_string_slot, &g_szPrefix, - RSRC_CONF, "Shibboleth installation directory"), - AP_INIT_TAKE1("ShibConfig", (config_fn_t)ap_set_global_string_slot, &g_szSHIBConfig, - RSRC_CONF, "Path to shibboleth2.xml config file"), - AP_INIT_TAKE1("ShibCatalogs", (config_fn_t)ap_set_global_string_slot, &g_szSchemaDir, - RSRC_CONF, "Paths of XML schema catalogs"), - AP_INIT_TAKE1("ShibGSSKey", (config_fn_t)ap_set_global_string_slot, &g_szGSSContextKey, - RSRC_CONF, "Name of user data key containing GSS context established by GSS module"), - - AP_INIT_TAKE1("ShibURLScheme", (config_fn_t)shib_set_server_string_slot, - (void *) offsetof (shib_server_config, szScheme), - RSRC_CONF, "URL scheme to force into generated URLs for a vhost"), - - AP_INIT_TAKE2("ShibRequestSetting", (config_fn_t)shib_table_set, nullptr, - OR_AUTHCFG, "Set arbitrary Shibboleth request property for content"), - - AP_INIT_TAKE1("ShibAccessControl", (config_fn_t)ap_set_string_slot, - (void *) offsetof (shib_dir_config, szAccessControl), - OR_AUTHCFG, "Set arbitrary Shibboleth access control plugin for content"), - - AP_INIT_FLAG("ShibDisable", (config_fn_t)ap_set_flag_slot, - (void *) offsetof (shib_dir_config, bOff), - OR_AUTHCFG, "Disable all Shib module activity here to save processing effort"), - AP_INIT_TAKE1("ShibApplicationId", (config_fn_t)ap_set_string_slot, - (void *) offsetof (shib_dir_config, szApplicationId), - OR_AUTHCFG, "Set Shibboleth applicationId property for content"), - AP_INIT_FLAG("ShibBasicHijack", (config_fn_t)ap_set_flag_slot, - (void *) offsetof (shib_dir_config, bBasicHijack), - OR_AUTHCFG, "(DEPRECATED) Respond to AuthType Basic and convert to shibboleth"), - AP_INIT_FLAG("ShibRequireSession", (config_fn_t)ap_set_flag_slot, - (void *) offsetof (shib_dir_config, bRequireSession), - OR_AUTHCFG, "Initiates a new session if one does not exist"), - AP_INIT_TAKE1("ShibRequireSessionWith", (config_fn_t)ap_set_string_slot, - (void *) offsetof (shib_dir_config, szRequireWith), - OR_AUTHCFG, "Initiates a new session if one does not exist using a specific SessionInitiator"), - AP_INIT_FLAG("ShibExportAssertion", (config_fn_t)ap_set_flag_slot, - (void *) offsetof (shib_dir_config, bExportAssertion), - OR_AUTHCFG, "Export SAML attribute assertion(s) to Shib-Attributes header"), - AP_INIT_TAKE1("ShibRedirectToSSL", (config_fn_t)ap_set_string_slot, - (void *) offsetof (shib_dir_config, szRedirectToSSL), - OR_AUTHCFG, "Redirect non-SSL requests to designated port"), - AP_INIT_TAKE1("AuthGroupFile", (config_fn_t)shib_ap_set_file_slot, - (void *) offsetof (shib_dir_config, szAuthGrpFile), - OR_AUTHCFG, "Text file containing group names and member user IDs"), - AP_INIT_FLAG("ShibRequireAll", (config_fn_t)ap_set_flag_slot, - (void *) offsetof (shib_dir_config, bRequireAll), - OR_AUTHCFG, "All require directives must match"), - AP_INIT_FLAG("AuthzShibAuthoritative", (config_fn_t)ap_set_flag_slot, - (void *) offsetof (shib_dir_config, bAuthoritative), - OR_AUTHCFG, "Allow failed mod_shib htaccess authorization to fall through to other modules"), - AP_INIT_FLAG("ShibUseEnvironment", (config_fn_t)ap_set_flag_slot, - (void *) offsetof (shib_dir_config, bUseEnvVars), - OR_AUTHCFG, "Export attributes using environment variables (default)"), - AP_INIT_FLAG("ShibUseHeaders", (config_fn_t)ap_set_flag_slot, - (void *) offsetof (shib_dir_config, bUseHeaders), - OR_AUTHCFG, "Export attributes using custom HTTP headers"), - AP_INIT_FLAG("ShibExpireRedirects", (config_fn_t)ap_set_flag_slot, - (void *) offsetof (shib_dir_config, bExpireRedirects), - OR_AUTHCFG, "Expire SP-generated redirects"), - - {nullptr} -}; - -module AP_MODULE_DECLARE_DATA mod_shib = { - STANDARD20_MODULE_STUFF, - create_shib_dir_config, /* create dir config */ - merge_shib_dir_config, /* merge dir config --- default is to override */ - create_shib_server_config, /* create server config */ - merge_shib_server_config, /* merge server config */ - shib_cmds, /* command table */ - shib_register_hooks /* register hooks */ -}; - -#else -#error "unsupported Apache version" -#endif - -} diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/mod_shib.cpp shibboleth-sp2-2.5.2+dfsg/apache/mod_shib.cpp --- shibboleth-sp2-2.4.3+dfsg/apache/mod_shib.cpp 1970-01-01 00:00:00.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/mod_shib.cpp 2013-06-17 19:42:19.000000000 +0000 @@ -0,0 +1,2305 @@ +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. + * + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. + */ + +/** + * mod_shib.cpp + * + * Apache module implementation. + */ + +#define SHIBSP_LITE + +#ifdef SOLARIS2 +#undef _XOPEN_SOURCE // causes gethostname conflict in unistd.h +#endif + +#ifdef WIN32 +# define _CRT_NONSTDC_NO_DEPRECATE 1 +# define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef WIN32 +# include +# include +#endif + +#undef _XPG4_2 + +#include +#include +#include +#include +#include + +// Apache specific header files +#include +#include +#include +#include +#define CORE_PRIVATE +#include +#include +#include + +#ifndef SHIB_APACHE_13 +#include +#include +#include +#endif + +#ifdef SHIB_APACHE_24 +#include +#endif + +#include +#ifdef HAVE_UNISTD_H +#include // for getpid() +#endif + +using namespace shibsp; +using namespace xmltooling; +using namespace boost; +using namespace std; +using xercesc::RegularExpression; +using xercesc::XMLException; + +#ifdef APLOG_USE_MODULE + extern "C" module AP_MODULE_DECLARE_DATA mod_shib; + static int* const aplog_module_index = &(mod_shib.module_index); +#else + extern "C" module MODULE_VAR_EXPORT mod_shib; +#endif + +namespace { + char* g_szSHIBConfig = nullptr; + char* g_szSchemaDir = nullptr; + char* g_szPrefix = nullptr; + SPConfig* g_Config = nullptr; + string g_unsetHeaderValue,g_spoofKey; + bool g_checkSpoofing = true; + bool g_catchAll = false; +#ifndef SHIB_APACHE_13 + char* g_szGSSContextKey = "mod_auth_gssapi:gss_ctx"; +#endif + static const char* g_UserDataKey = "urn:mace:shibboleth:Apache:shib_check_user"; +} + +/* Apache 2.2.x headers must be accumulated and set in the output filter. + Apache 2.0.49+ supports the filter method. + Apache 1.3.x and lesser 2.0.x must write the headers directly. */ + +#if (defined(SHIB_APACHE_20) || defined(SHIB_APACHE_22) || defined(SHIB_APACHE_24)) && AP_MODULE_MAGIC_AT_LEAST(20020903,6) +#define SHIB_DEFERRED_HEADERS +#endif + +/********************************************************************************/ +// Basic Apache Configuration code. +// + +// per-server module configuration structure +struct shib_server_config +{ + char* szScheme; + int bCompatValidUser; +}; + +// creates the per-server configuration +extern "C" void* create_shib_server_config(SH_AP_POOL* p, server_rec* s) +{ + shib_server_config* sc=(shib_server_config*)ap_pcalloc(p,sizeof(shib_server_config)); + sc->szScheme = nullptr; + sc->bCompatValidUser = -1; + return sc; +} + +// overrides server configuration in virtual servers +extern "C" void* merge_shib_server_config (SH_AP_POOL* p, void* base, void* sub) +{ + shib_server_config* sc=(shib_server_config*)ap_pcalloc(p,sizeof(shib_server_config)); + shib_server_config* parent=(shib_server_config*)base; + shib_server_config* child=(shib_server_config*)sub; + + if (child->szScheme) + sc->szScheme=ap_pstrdup(p,child->szScheme); + else if (parent->szScheme) + sc->szScheme=ap_pstrdup(p,parent->szScheme); + else + sc->szScheme=nullptr; + + sc->bCompatValidUser = ((child->bCompatValidUser==-1) ? parent->bCompatValidUser : child->bCompatValidUser); + + return sc; +} + +// per-dir module configuration structure +struct shib_dir_config +{ + SH_AP_TABLE* tSettings; // generic table of extensible settings + + // RM Configuration +#ifdef SHIB_APACHE_24 + int bRequestMapperAuthz;// support RequestMapper AccessControl plugins +#else + char* szAuthGrpFile; // Auth GroupFile name + char* szAccessControl; // path to "external" AccessControl plugin file + int bRequireAll; // all "known" require directives must match, otherwise OR logic + int bAuthoritative; // allow htaccess plugin to DECLINE when authz fails + int bCompatWith24; // support 2.4-reserved require logic for compatibility +#endif + + // Content Configuration + char* szApplicationId; // Shib applicationId value + char* szRequireWith; // require a session using a specific initiator? + char* szRedirectToSSL; // redirect non-SSL requests to SSL port + int bOff; // flat-out disable all Shib processing + int bBasicHijack; // activate for AuthType Basic? + int bRequireSession; // require a session? + int bExportAssertion; // export SAML assertion to the environment? + int bUseEnvVars; // use environment? + int bUseHeaders; // use headers? + int bExpireRedirects; // expire redirects? +}; + +// creates per-directory config structure +extern "C" void* create_shib_dir_config (SH_AP_POOL* p, char* d) +{ + shib_dir_config* dc=(shib_dir_config*)ap_pcalloc(p,sizeof(shib_dir_config)); + dc->tSettings = nullptr; +#ifdef SHIB_APACHE_24 + dc->bRequestMapperAuthz = -1; +#else + dc->szAuthGrpFile = nullptr; + dc->szAccessControl = nullptr; + dc->bRequireAll = -1; + dc->bAuthoritative = -1; + dc->bCompatWith24 = -1; +#endif + dc->szApplicationId = nullptr; + dc->szRequireWith = nullptr; + dc->szRedirectToSSL = nullptr; + dc->bOff = -1; + dc->bBasicHijack = -1; + dc->bRequireSession = -1; + dc->bExportAssertion = -1; + dc->bUseEnvVars = -1; + dc->bUseHeaders = -1; + dc->bExpireRedirects = -1; + return dc; +} + +// overrides server configuration in directories +extern "C" void* merge_shib_dir_config (SH_AP_POOL* p, void* base, void* sub) +{ + shib_dir_config* dc=(shib_dir_config*)ap_pcalloc(p,sizeof(shib_dir_config)); + shib_dir_config* parent=(shib_dir_config*)base; + shib_dir_config* child=(shib_dir_config*)sub; + + // The child supersedes any matching table settings in the parent. + dc->tSettings = nullptr; + if (parent->tSettings) + dc->tSettings = ap_copy_table(p, parent->tSettings); + if (child->tSettings) { + if (dc->tSettings) + ap_overlap_tables(dc->tSettings, child->tSettings, AP_OVERLAP_TABLES_SET); + else + dc->tSettings = ap_copy_table(p, child->tSettings); + } + +#ifdef SHIB_APACHE_24 + dc->bRequestMapperAuthz = ((child->bRequestMapperAuthz==-1) ? parent->bRequestMapperAuthz : child->bRequestMapperAuthz); +#else + if (child->szAuthGrpFile) + dc->szAuthGrpFile=ap_pstrdup(p,child->szAuthGrpFile); + else if (parent->szAuthGrpFile) + dc->szAuthGrpFile=ap_pstrdup(p,parent->szAuthGrpFile); + else + dc->szAuthGrpFile=nullptr; + + if (child->szAccessControl) + dc->szAccessControl=ap_pstrdup(p,child->szAccessControl); + else if (parent->szAccessControl) + dc->szAccessControl=ap_pstrdup(p,parent->szAccessControl); + else + dc->szAccessControl=nullptr; +#endif + + if (child->szApplicationId) + dc->szApplicationId=ap_pstrdup(p,child->szApplicationId); + else if (parent->szApplicationId) + dc->szApplicationId=ap_pstrdup(p,parent->szApplicationId); + else + dc->szApplicationId=nullptr; + + if (child->szRequireWith) + dc->szRequireWith=ap_pstrdup(p,child->szRequireWith); + else if (parent->szRequireWith) + dc->szRequireWith=ap_pstrdup(p,parent->szRequireWith); + else + dc->szRequireWith=nullptr; + + if (child->szRedirectToSSL) + dc->szRedirectToSSL=ap_pstrdup(p,child->szRedirectToSSL); + else if (parent->szRedirectToSSL) + dc->szRedirectToSSL=ap_pstrdup(p,parent->szRedirectToSSL); + else + dc->szRedirectToSSL=nullptr; + + dc->bOff = ((child->bOff==-1) ? parent->bOff : child->bOff); + dc->bBasicHijack = ((child->bBasicHijack==-1) ? parent->bBasicHijack : child->bBasicHijack); + dc->bRequireSession = ((child->bRequireSession==-1) ? parent->bRequireSession : child->bRequireSession); + dc->bExportAssertion = ((child->bExportAssertion==-1) ? parent->bExportAssertion : child->bExportAssertion); +#ifndef SHIB_APACHE_24 + dc->bRequireAll = ((child->bRequireAll==-1) ? parent->bRequireAll : child->bRequireAll); + dc->bAuthoritative = ((child->bAuthoritative==-1) ? parent->bAuthoritative : child->bAuthoritative); + dc->bCompatWith24 = ((child->bCompatWith24==-1) ? parent->bCompatWith24 : child->bCompatWith24); +#endif + dc->bUseEnvVars = ((child->bUseEnvVars==-1) ? parent->bUseEnvVars : child->bUseEnvVars); + dc->bUseHeaders = ((child->bUseHeaders==-1) ? parent->bUseHeaders : child->bUseHeaders); + dc->bExpireRedirects = ((child->bExpireRedirects==-1) ? parent->bExpireRedirects : child->bExpireRedirects); + return dc; +} + +class ShibTargetApache; // forward decl + +// per-request module structure +struct shib_request_config +{ + SH_AP_TABLE* env; // environment vars +#ifdef SHIB_DEFERRED_HEADERS + SH_AP_TABLE* hdr_out; // headers to browser +#endif +#ifndef SHIB_APACHE_13 + ShibTargetApache* sta; // SP per-request structure wrapped around Apache's request +#endif +}; + +// create or return a request record +static shib_request_config* get_request_config(request_rec *r) +{ + shib_request_config* rc = (shib_request_config*)ap_get_module_config(r->request_config, &mod_shib); + if (rc) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, SH_AP_R(r), "get_request_config called redundantly"); + } + else { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, SH_AP_R(r), "get_request_config created per-request structure"); + rc = (shib_request_config*)ap_pcalloc(r->pool,sizeof(shib_request_config)); + memset(rc, 0, sizeof(shib_request_config)); + ap_set_module_config(r->request_config, &mod_shib, rc); + } + return rc; +} + +class ShibTargetApache : public AbstractSPRequest +#if defined(SHIBSP_HAVE_GSSAPI) && !defined(SHIB_APACHE_13) + , public GSSRequest +#endif +{ + mutable string m_body; + mutable bool m_gotBody,m_firsttime; + mutable vector m_certs; + set m_allhttp; +#if defined(SHIBSP_HAVE_GSSAPI) && !defined(SHIB_APACHE_13) + mutable gss_name_t m_gssname; +#endif + +public: + bool m_handler; + request_rec* m_req; + shib_dir_config* m_dc; + shib_server_config* m_sc; + shib_request_config* m_rc; + + ShibTargetApache(request_rec* req) : AbstractSPRequest(SHIBSP_LOGCAT".Apache"), + m_gotBody(false),m_firsttime(true), +#if defined(SHIBSP_HAVE_GSSAPI) && !defined(SHIB_APACHE_13) + m_gssname(GSS_C_NO_NAME), +#endif + m_handler(false), m_req(req), m_dc(nullptr), m_sc(nullptr), m_rc(nullptr) { + } + virtual ~ShibTargetApache() { +#if defined(SHIBSP_HAVE_GSSAPI) && !defined(SHIB_APACHE_13) + if (m_gssname != GSS_C_NO_NAME) { + OM_uint32 minor; + gss_release_name(&minor, &m_gssname); + } +#endif + } + + bool isInitialized() const { + return (m_sc != nullptr); + } + + bool init(bool handler, bool check_user) { + m_handler = handler; + if (m_sc) + return !check_user; // only initialize once + m_sc = (shib_server_config*)ap_get_module_config(m_req->server->module_config, &mod_shib); + m_dc = (shib_dir_config*)ap_get_module_config(m_req->per_dir_config, &mod_shib); + m_rc = (shib_request_config*)ap_get_module_config(m_req->request_config, &mod_shib); + + setRequestURI(m_req->unparsed_uri); + + if (check_user && m_dc->bUseHeaders == 1) { + // Try and see if this request was already processed, to skip spoof checking. + if (!ap_is_initial_req(m_req)) { + m_firsttime = false; + } + else if (!g_spoofKey.empty()) { + const char* hdr = ap_table_get(m_req->headers_in, "Shib-Spoof-Check"); + if (hdr && g_spoofKey == hdr) + m_firsttime = false; + } + if (!m_firsttime) + log(SPDebug, "shib_check_user running more than once"); + } + return true; + } + + const char* getScheme() const { + return m_sc->szScheme ? m_sc->szScheme : ap_http_method(m_req); + } + bool isSecure() const { + return HTTPRequest::isSecure(); + } + const char* getHostname() const { +#ifdef SHIB_APACHE_24 + return ap_get_server_name_for_url(m_req); +#else + return ap_get_server_name(m_req); +#endif + } + int getPort() const { + return ap_get_server_port(m_req); + } + const char* getMethod() const { + return m_req->method; + } + string getContentType() const { + const char* type = ap_table_get(m_req->headers_in, "Content-Type"); + return type ? type : ""; + } + long getContentLength() const { + return m_gotBody ? m_body.length() : m_req->remaining; + } + string getRemoteAddr() const { + string ret = AbstractSPRequest::getRemoteAddr(); + if (!ret.empty()) + return ret; +#ifdef SHIB_APACHE_24 + return m_req->useragent_ip; +#else + return m_req->connection->remote_ip; +#endif + } + void log(SPLogLevel level, const string& msg) const { + AbstractSPRequest::log(level,msg); + ap_log_rerror( + APLOG_MARK, + (level == SPDebug ? APLOG_DEBUG : + (level == SPInfo ? APLOG_INFO : + (level == SPWarn ? APLOG_WARNING : + (level == SPError ? APLOG_ERR : APLOG_CRIT))))|APLOG_NOERRNO, + SH_AP_R(m_req), + "%s", + msg.c_str() + ); + } + const char* getQueryString() const { return m_req->args; } + const char* getRequestBody() const { + if (m_gotBody || m_req->method_number==M_GET) + return m_body.c_str(); +#ifdef SHIB_APACHE_13 + // Read the posted data + if (ap_setup_client_block(m_req, REQUEST_CHUNKED_DECHUNK) != OK) { + m_gotBody=true; + log(SPError, "Apache function (setup_client_block) failed while reading request body."); + return m_body.c_str(); + } + if (!ap_should_client_block(m_req)) { + m_gotBody=true; + log(SPError, "Apache function (should_client_block) failed while reading request body."); + return m_body.c_str(); + } + if (m_req->remaining > 1024*1024) + throw opensaml::SecurityPolicyException("Blocked request body larger than 1M size limit."); + m_gotBody=true; + int len; + char buff[HUGE_STRING_LEN]; + ap_hard_timeout("[mod_shib] getRequestBody", m_req); + while ((len=ap_get_client_block(m_req, buff, sizeof(buff))) > 0) { + ap_reset_timeout(m_req); + m_body.append(buff, len); + } + ap_kill_timeout(m_req); +#else + const char *data; + apr_size_t len; + int seen_eos = 0; + apr_bucket_brigade* bb = apr_brigade_create(m_req->pool, m_req->connection->bucket_alloc); + do { + apr_bucket *bucket; + apr_status_t rv = ap_get_brigade(m_req->input_filters, bb, AP_MODE_READBYTES, APR_BLOCK_READ, HUGE_STRING_LEN); + if (rv != APR_SUCCESS) { + log(SPError, "Apache function (ap_get_brigade) failed while reading request body."); + break; + } + + for (bucket = APR_BRIGADE_FIRST(bb); bucket != APR_BRIGADE_SENTINEL(bb); bucket = APR_BUCKET_NEXT(bucket)) { + if (APR_BUCKET_IS_EOS(bucket)) { + seen_eos = 1; + break; + } + + /* We can't do much with this. */ + if (APR_BUCKET_IS_FLUSH(bucket)) + continue; + + /* read */ + apr_bucket_read(bucket, &data, &len, APR_BLOCK_READ); + if (len > 0) + m_body.append(data, len); + } + apr_brigade_cleanup(bb); + } while (!seen_eos); + apr_brigade_destroy(bb); + m_gotBody=true; +#endif + return m_body.c_str(); + } + const char* getParameter(const char* name) const { + return AbstractSPRequest::getParameter(name); + } + vector::size_type getParameters(const char* name, vector& values) const { + return AbstractSPRequest::getParameters(name, values); + } + void clearHeader(const char* rawname, const char* cginame) { + if (m_dc->bUseHeaders == 1) { + // ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(m_req), "shib_clear_header: hdr\n"); + if (g_checkSpoofing && m_firsttime) { + if (m_allhttp.empty()) { + // First time, so populate set with "CGI" versions of client-supplied headers. +#ifdef SHIB_APACHE_13 + array_header *hdrs_arr = ap_table_elts(m_req->headers_in); + table_entry *hdrs = (table_entry *) hdrs_arr->elts; +#else + const apr_array_header_t *hdrs_arr = apr_table_elts(m_req->headers_in); + const apr_table_entry_t *hdrs = (const apr_table_entry_t *) hdrs_arr->elts; +#endif + for (int i = 0; i < hdrs_arr->nelts; ++i) { + if (!hdrs[i].key) + continue; + string cgiversion("HTTP_"); + const char* pch = hdrs[i].key; + while (*pch) { + cgiversion += (isalnum(*pch) ? toupper(*pch) : '_'); + pch++; + } + m_allhttp.insert(cgiversion); + } + } + + if (m_allhttp.count(cginame) > 0) + throw opensaml::SecurityPolicyException("Attempt to spoof header ($1) was detected.", params(1, rawname)); + } + ap_table_unset(m_req->headers_in, rawname); + ap_table_set(m_req->headers_in, rawname, g_unsetHeaderValue.c_str()); + } + } + void setHeader(const char* name, const char* value) { + if (m_dc->bUseEnvVars != 0) { + if (!m_rc) { + // this happens on subrequests + // ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(m_req), "shib_setheader: no_m_rc\n"); + m_rc = get_request_config(m_req); + } + if (!m_rc->env) + m_rc->env = ap_make_table(m_req->pool, 10); + // ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(m_req), "shib_set_env: %s=%s\n", name, value?value:"Null"); + ap_table_set(m_rc->env, name, value ? value : ""); + } + if (m_dc->bUseHeaders == 1) + ap_table_set(m_req->headers_in, name, value); + } + string getHeader(const char* name) const { + const char* hdr = ap_table_get(m_req->headers_in, name); + return string(hdr ? hdr : ""); + } + string getSecureHeader(const char* name) const { + if (m_dc->bUseEnvVars != 0) { + const char *hdr; + if (m_rc && m_rc->env) + hdr = ap_table_get(m_rc->env, name); + else + hdr = nullptr; + return string(hdr ? hdr : ""); + } + return getHeader(name); + } + void setRemoteUser(const char* user) { + SH_AP_USER(m_req) = user ? ap_pstrdup(m_req->pool, user) : nullptr; + if (m_dc->bUseHeaders == 1) { + if (user) { + ap_table_set(m_req->headers_in, "REMOTE_USER", user); + } + else { + ap_table_unset(m_req->headers_in, "REMOTE_USER"); + ap_table_set(m_req->headers_in, "REMOTE_USER", g_unsetHeaderValue.c_str()); + } + } + } + string getRemoteUser() const { + return string(SH_AP_USER(m_req) ? SH_AP_USER(m_req) : ""); + } + void setAuthType(const char* authtype) { + if (authtype && m_dc->bBasicHijack == 1) + authtype = "Basic"; + SH_AP_AUTH_TYPE(m_req) = authtype ? ap_pstrdup(m_req->pool, authtype) : nullptr; + } + string getAuthType() const { + return string(SH_AP_AUTH_TYPE(m_req) ? SH_AP_AUTH_TYPE(m_req) : ""); + } + void setContentType(const char* type) { + m_req->content_type = ap_psprintf(m_req->pool, "%s", type); + } + void setResponseHeader(const char* name, const char* value) { + HTTPResponse::setResponseHeader(name, value); +#ifdef SHIB_DEFERRED_HEADERS + if (!m_rc) + // this happens on subrequests + m_rc = get_request_config(m_req); + if (m_handler) { + if (!m_rc->hdr_out) + m_rc->hdr_out = ap_make_table(m_req->pool, 5); + ap_table_add(m_rc->hdr_out, name, value); + } + else +#endif + ap_table_add(m_req->err_headers_out, name, value); + } + long sendResponse(istream& in, long status) { + if (status != XMLTOOLING_HTTP_STATUS_OK) + m_req->status = status; + ap_send_http_header(m_req); + char buf[1024]; + while (in) { + in.read(buf,1024); + ap_rwrite(buf,in.gcount(),m_req); + } +#if (defined(SHIB_APACHE_20) || defined(SHIB_APACHE_22) || defined(SHIB_APACHE_24)) + if (status != XMLTOOLING_HTTP_STATUS_OK && status != XMLTOOLING_HTTP_STATUS_ERROR) + return status; +#endif + return DONE; + } + long sendRedirect(const char* url) { + HTTPResponse::sendRedirect(url); + ap_table_set(m_req->headers_out, "Location", url); + if (m_dc->bExpireRedirects != 0) { + ap_table_set(m_req->err_headers_out, "Expires", "Wed, 01 Jan 1997 12:00:00 GMT"); + ap_table_set(m_req->err_headers_out, "Cache-Control", "private,no-store,no-cache,max-age=0"); + } + return REDIRECT; + } + const vector& getClientCertificates() const { + if (m_certs.empty()) { + const char* cert = ap_table_get(m_req->subprocess_env, "SSL_CLIENT_CERT"); + if (cert) + m_certs.push_back(cert); + int i = 0; + do { + cert = ap_table_get(m_req->subprocess_env, ap_psprintf(m_req->pool, "SSL_CLIENT_CERT_CHAIN_%d", i++)); + if (cert) + m_certs.push_back(cert); + } while (cert); + } + return m_certs; + } + long returnDecline(void) { return DECLINED; } + long returnOK(void) { return OK; } +#if defined(SHIBSP_HAVE_GSSAPI) && !defined(SHIB_APACHE_13) + gss_ctx_id_t getGSSContext() const { + gss_ctx_id_t ctx = GSS_C_NO_CONTEXT; + apr_pool_userdata_get((void**)&ctx, g_szGSSContextKey, m_req->pool); + return ctx; + } + gss_name_t getGSSName() const { + if (m_gssname == GSS_C_NO_NAME) { + gss_ctx_id_t ctx = getGSSContext(); + if (ctx != GSS_C_NO_CONTEXT) { + OM_uint32 minor; + OM_uint32 major = gss_inquire_context(&minor, ctx, &m_gssname, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr); + if (major != GSS_S_COMPLETE) + m_gssname = GSS_C_NO_NAME; + } + } + return m_gssname; + } + #endif +}; + +/********************************************************************************/ +// Apache hooks + +#ifndef SHIB_APACHE_13 +extern "C" apr_status_t shib_request_cleanup(void* rc) +{ + if (rc && reinterpret_cast(rc)->sta) { + delete reinterpret_cast(reinterpret_cast(rc)->sta); + reinterpret_cast(rc)->sta = nullptr; + } + return APR_SUCCESS; +} +#endif + +// Initial look at a request - create the per-request structure if need be +static int shib_post_read(request_rec *r) +{ + shib_request_config* rc = get_request_config(r); +#ifdef SHIB_APACHE_24 + if (!rc->sta) { + rc->sta = new ShibTargetApache(r); + apr_pool_cleanup_register(r->pool, rc, shib_request_cleanup, apr_pool_cleanup_null); + } +#endif + return DECLINED; +} + +// Performs authentication and enforce session requirements. +// Also does header/env export from session, and will dispatch +// SP handler requests if it detects a handler URL. +extern "C" int shib_check_user(request_rec* r) +{ + // Short-circuit entirely? + if (((shib_dir_config*)ap_get_module_config(r->per_dir_config, &mod_shib))->bOff == 1) + return DECLINED; + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, SH_AP_R(r), "shib_check_user entered in pid (%d)", (int)getpid()); + + string threadid("["); + threadid += lexical_cast(getpid()) + "] shib_check_user"; + xmltooling::NDC ndc(threadid.c_str()); + + try { +#ifndef SHIB_APACHE_24 + ShibTargetApache sta(r); + ShibTargetApache* psta = &sta; +#else + shib_request_config* rc = (shib_request_config*)ap_get_module_config(r->request_config, &mod_shib); + if (!rc || !rc->sta) { + ap_log_rerror(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, SH_AP_R(r), "shib_check_user found no per-request structure"); + shib_post_read(r); // ensures objects are created if post_read hook didn't run + rc = (shib_request_config*)ap_get_module_config(r->request_config, &mod_shib); + } + ShibTargetApache* psta = rc->sta; +#endif + if (!psta->init(false, true)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_check_user unable to initialize SP request object"); + return SERVER_ERROR; + } + + // Check user authentication and export information, then set the handler bypass + pair res = psta->getServiceProvider().doAuthentication(*psta, true); + apr_pool_userdata_setn((const void*)42,g_UserDataKey,nullptr,r->pool); + // If directed, install a spoof key to recognize when we've already cleared headers. + if (!g_spoofKey.empty() && (((shib_dir_config*)ap_get_module_config(r->per_dir_config, &mod_shib))->bUseHeaders == 1)) + ap_table_set(r->headers_in, "Shib-Spoof-Check", g_spoofKey.c_str()); + if (res.first) { +#ifdef SHIB_APACHE_24 + // This is insane, but Apache's internal request.c logic insists that an auth module + // returning OK MUST set r->user to avoid a failure. But they check for NULL and not + // for an empty string. If this turns out to cause trouble, there's no solution except + // to set a dummy ID any time it's not set. + if (res.second == OK && !r->user) + r->user = ""; +#endif + return res.second; + } + + // user auth was okay -- export the session data now + res = psta->getServiceProvider().doExport(*psta); + if (res.first) { +#ifdef SHIB_APACHE_24 + // See above for explanation of this hack. + if (res.second == OK && !r->user) + r->user = ""; +#endif + return res.second; + } + +#ifdef SHIB_APACHE_24 + // See above for explanation of this hack. + if (!r->user) + r->user = ""; +#endif + return OK; + } + catch (std::exception& e) { + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_check_user threw an exception: %s", e.what()); + return SERVER_ERROR; + } + catch (...) { + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_check_user threw an unknown exception!"); + if (g_catchAll) + return SERVER_ERROR; + throw; + } +} + +// Runs SP handler requests when invoked directly. +extern "C" int shib_handler(request_rec* r) +{ + // Short-circuit entirely? + if (((shib_dir_config*)ap_get_module_config(r->per_dir_config, &mod_shib))->bOff == 1) + return DECLINED; + + string threadid("["); + threadid += lexical_cast(getpid()) + "] shib_handler"; + xmltooling::NDC ndc(threadid.c_str()); + +#ifndef SHIB_APACHE_13 + // With 2.x, this handler always runs, though last. + // We check if shib_check_user ran, because it will detect a handler request + // and dispatch it directly. + void* data; + apr_pool_userdata_get(&data,g_UserDataKey,r->pool); + if (data==(const void*)42) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, SH_AP_R(r), "shib_handler skipped since check_user ran"); + return DECLINED; + } +#endif + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, SH_AP_R(r), "shib_handler entered in pid (%d): %s", (int)getpid(), r->handler); + + try { +#ifndef SHIB_APACHE_24 + ShibTargetApache sta(r); + ShibTargetApache* psta = &sta; +#else + shib_request_config* rc = (shib_request_config*)ap_get_module_config(r->request_config, &mod_shib); + if (!rc || !rc->sta) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, SH_AP_R(r), "shib_handler found no per-request structure"); + shib_post_read(r); // ensures objects are created if post_read hook didn't run + rc = (shib_request_config*)ap_get_module_config(r->request_config, &mod_shib); + } + ShibTargetApache* psta = rc->sta; +#endif + if (!psta->init(true, false)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_handler unable to initialize SP request object"); + return SERVER_ERROR; + } + + pair res = psta->getServiceProvider().doHandler(*psta); + if (res.first) return res.second; + + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "doHandler() did not handle the request"); + return SERVER_ERROR; + } + catch (std::exception& e) { + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_handler threw an exception: %s", e.what()); + return SERVER_ERROR; + } + catch (...) { + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_handler threw an unknown exception!"); + if (g_catchAll) + return SERVER_ERROR; + throw; + } +} + +// This performs authorization functions to limit access. +// On all versions, this runs any RequestMap-attached plugins. +// For pre-2.4 versions, the RequestMap will always find an htAccess plugin +// that runs code to parse and enforce Apache Require rules. +// On 2.4, we have to short-circuit that and let Apache run callbacks +// for each Require rule we handle. +extern "C" int shib_auth_checker(request_rec* r) +{ + // Short-circuit entirely? + shib_dir_config* dc = (shib_dir_config*)ap_get_module_config(r->per_dir_config, &mod_shib); + if (dc->bOff == 1 +#ifdef SHIB_APACHE_24 + || dc->bRequestMapperAuthz == 0 // this allows for bypass of the full auth_checker hook if only htaccess is used +#endif + ) { + return DECLINED; + } + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, SH_AP_R(r), "shib_auth_checker entered in pid (%d)", (int)getpid()); + + string threadid("["); + threadid += lexical_cast(getpid()) + "] shib_auth_checker"; + xmltooling::NDC ndc(threadid.c_str()); + + try { +#ifndef SHIB_APACHE_24 + ShibTargetApache sta(r); + ShibTargetApache* psta = &sta; +#else + shib_request_config* rc = (shib_request_config*)ap_get_module_config(r->request_config, &mod_shib); + if (!rc || !rc->sta) { + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_auth_checker found no per-request structure"); + return SERVER_ERROR; + } + ShibTargetApache* psta = rc->sta; +#endif + if (!psta->init(false, false)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_auth_checker unable to initialize SP request object"); + return SERVER_ERROR; + } + + pair res = psta->getServiceProvider().doAuthorization(*psta); + if (res.first) return res.second; + + // The SP method should always return true, so if we get this far, something unusual happened. + // Just let Apache (or some other module) decide what to do. + return DECLINED; + } + catch (std::exception& e) { + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_auth_checker threw an exception: %s", e.what()); + return SERVER_ERROR; + } + catch (...) { + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r), "shib_auth_checker threw an unknown exception!"); + if (g_catchAll) + return SERVER_ERROR; + throw; + } +} + +// Overlays environment variables on top of subprocess table. +extern "C" int shib_fixups(request_rec* r) +{ + shib_dir_config *dc = (shib_dir_config*)ap_get_module_config(r->per_dir_config, &mod_shib); + if (dc->bOff==1 || dc->bUseEnvVars==0) + return DECLINED; + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, SH_AP_R(r), "shib_fixups entered in pid (%d)", (int)getpid()); + + shib_request_config *rc = (shib_request_config*)ap_get_module_config(r->request_config, &mod_shib); + if (rc==nullptr || rc->env==nullptr || ap_is_empty_table(rc->env)) + return DECLINED; + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, SH_AP_R(r), "shib_fixups adding %d vars", ap_table_elts(rc->env)->nelts); + r->subprocess_env = ap_overlay_tables(r->pool, r->subprocess_env, rc->env); + + return OK; +} + + +// Access control plugin that enforces pre-2.4 htaccess rules. +// Post-2.4, we have to register individual methods to respond +// to each require rule we want to handle, and have those call +// into these methods directly. +class htAccessControl : virtual public AccessControl +{ +public: + htAccessControl() {} + ~htAccessControl() {} + Lockable* lock() {return this;} + void unlock() {} + aclresult_t authorized(const SPRequest& request, const Session* session) const; + + aclresult_t doAccessControl(const ShibTargetApache& sta, const Session* session, const char* plugin) const; + aclresult_t doUser(const ShibTargetApache& sta, const char* params) const; +#ifndef SHIB_APACHE_24 + aclresult_t doGroup(const ShibTargetApache& sta, const char* params) const; +#endif + aclresult_t doAuthnContext(const ShibTargetApache& sta, const char* acRef, const char* params) const; + aclresult_t doShibAttr(const ShibTargetApache& sta, const Session* session, const char* rule, const char* params) const; + +private: + bool checkAttribute(const SPRequest& request, const Attribute* attr, const char* toMatch, RegularExpression* re) const; +}; + +AccessControl* htAccessFactory(const xercesc::DOMElement* const & e) +{ + return new htAccessControl(); +} + +AccessControl::aclresult_t htAccessControl::doAccessControl(const ShibTargetApache& sta, const Session* session, const char* plugin) const +{ + aclresult_t result = shib_acl_false; + try { + ifstream aclfile(plugin); + if (!aclfile) + throw ConfigurationException("Unable to open access control file ($1).", params(1, plugin)); + xercesc::DOMDocument* acldoc = XMLToolingConfig::getConfig().getParser().parse(aclfile); + XercesJanitor docjanitor(acldoc); + static XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e); + string t(XMLHelper::getAttrString(acldoc ? acldoc->getDocumentElement() : nullptr, nullptr, _type)); + if (t.empty()) + throw ConfigurationException("Missing type attribute in AccessControl plugin configuration."); + scoped_ptr aclplugin(SPConfig::getConfig().AccessControlManager.newPlugin(t.c_str(), acldoc->getDocumentElement())); + Locker acllock(aclplugin.get()); + result = aclplugin->authorized(sta, session); + } + catch (std::exception& ex) { + sta.log(SPRequest::SPError, ex.what()); + } + return result; +} + +AccessControl::aclresult_t htAccessControl::doUser(const ShibTargetApache& sta, const char* params) const +{ + bool regexp = false; + bool negated = false; + while (*params) { + const char* w = ap_getword_conf(sta.m_req->pool, ¶ms); + if (*w == '~') { + regexp = true; + continue; + } + else if (*w == '!') { + // A negated rule presumes success unless a match is found. + negated = true; + if (*(w+1) == '~') + regexp = true; + continue; + } + + // Figure out if there's a match. + bool match = false; + if (regexp) { + try { + // To do regex matching, we have to convert from UTF-8. + auto_arrayptr trans(fromUTF8(w)); + RegularExpression re(trans.get()); + auto_arrayptr trans2(fromUTF8(sta.getRemoteUser().c_str())); + match = re.matches(trans2.get()); + } + catch (XMLException& ex) { + auto_ptr_char tmp(ex.getMessage()); + sta.log(SPRequest::SPError, + string("htaccess plugin caught exception while parsing regular expression (") + w + "): " + tmp.get()); + } + } + else if (sta.getRemoteUser() == w) { + match = true; + } + + if (match) { + if (sta.isPriorityEnabled(SPRequest::SPDebug)) + sta.log(SPRequest::SPDebug, + string("htaccess: require user ") + (negated ? "rejecting (" : "accepting (") + sta.getRemoteUser() + ")"); + return (negated ? shib_acl_false : shib_acl_true); + } + } + return (negated ? shib_acl_true : shib_acl_false); +} + +#ifndef SHIB_APACHE_24 +static SH_AP_TABLE* groups_for_user(request_rec* r, const char* user, char* grpfile) +{ + SH_AP_CONFIGFILE* f; + SH_AP_TABLE* grps=ap_make_table(r->pool,15); + char l[MAX_STRING_LEN]; + const char *group_name, *ll, *w; + +#ifdef SHIB_APACHE_13 + if (!(f=ap_pcfg_openfile(r->pool, grpfile))) { +#else + if (ap_pcfg_openfile(&f,r->pool,grpfile) != APR_SUCCESS) { +#endif + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, SH_AP_R(r), "groups_for_user: could not open group file: %s\n", grpfile); + return nullptr; + } + + SH_AP_POOL* sp; +#ifdef SHIB_APACHE_13 + sp=ap_make_sub_pool(r->pool); +#else + if (apr_pool_create(&sp,r->pool) != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK,APLOG_ERR,0,r, + "groups_for_user: could not create a subpool"); + return nullptr; + } +#endif + + while (!(ap_cfg_getline(l,MAX_STRING_LEN,f))) { + if ((*l=='#') || (!*l)) + continue; + ll = l; + ap_clear_pool(sp); + group_name = ap_getword(sp,&ll,':'); + while (*ll) { + w=ap_getword_conf(sp,&ll); + if (!strcmp(w,user)) { + ap_table_setn(grps,ap_pstrdup(r->pool,group_name),"in"); + break; + } + } + } + ap_cfg_closefile(f); + ap_destroy_pool(sp); + return grps; +} + +AccessControl::aclresult_t htAccessControl::doGroup(const ShibTargetApache& sta, const char* params) const +{ + SH_AP_TABLE* grpstatus = nullptr; + if (sta.m_dc->szAuthGrpFile) { + if (sta.isPriorityEnabled(SPRequest::SPDebug)) + sta.log(SPRequest::SPDebug, string("htaccess plugin using groups file: ") + sta.m_dc->szAuthGrpFile); + grpstatus = groups_for_user(sta.m_req, sta.getRemoteUser().c_str(), sta.m_dc->szAuthGrpFile); + } + + bool negated = false; + while (*params) { + const char* w = ap_getword_conf(sta.m_req->pool, ¶ms); + if (*w == '!') { + // A negated rule presumes success unless a match is found. + negated = true; + continue; + } + + if (grpstatus && ap_table_get(grpstatus, w)) { + // If we matched, then we're done with this rule either way and we flip status to reflect the outcome. + sta.log(SPRequest::SPDebug, string("htaccess: require group ") + (negated ? "rejecting (" : "accepting (") + w + ")"); + return (negated ? shib_acl_false : shib_acl_true); + } + } + + return (negated ? shib_acl_true : shib_acl_false); +} +#endif + +AccessControl::aclresult_t htAccessControl::doAuthnContext(const ShibTargetApache& sta, const char* ref, const char* params) const +{ + if (ref && *ref) { + bool regexp = false; + bool negated = false; + while (ref && *params) { + const char* w = ap_getword_conf(sta.m_req->pool, ¶ms); + if (*w == '~') { + regexp = true; + continue; + } + else if (*w == '!') { + // A negated rule presumes success unless a match is found. + negated = true; + if (*(w+1) == '~') + regexp = true; + continue; + } + + // Figure out if there's a match. + bool match = false; + if (regexp) { + try { + RegularExpression re(w); + match = re.matches(ref); + } + catch (XMLException& ex) { + auto_ptr_char tmp(ex.getMessage()); + sta.log(SPRequest::SPError, + string("htaccess plugin caught exception while parsing regular expression (") + w + "): " + tmp.get()); + } + } + else if (!strcmp(w, ref)) { + match = true; + } + + if (match) { + if (sta.isPriorityEnabled(SPRequest::SPDebug)) + sta.log(SPRequest::SPDebug, + string("htaccess: require authnContext ") + (negated ? "rejecting (" : "accepting (") + ref + ")"); + return (negated ? shib_acl_false : shib_acl_true); + } + } + return (negated ? shib_acl_true : shib_acl_false); + } + + if (sta.isPriorityEnabled(SPRequest::SPDebug)) + sta.log(SPRequest::SPDebug, "htaccess: require authnContext rejecting session with no context associated"); + return shib_acl_false; +} + +bool htAccessControl::checkAttribute(const SPRequest& request, const Attribute* attr, const char* toMatch, RegularExpression* re) const +{ + bool caseSensitive = attr->isCaseSensitive(); + const vector& vals = attr->getSerializedValues(); + for (vector::const_iterator v = vals.begin(); v != vals.end(); ++v) { + if (re) { + auto_arrayptr trans(fromUTF8(v->c_str())); + if (re->matches(trans.get())) { + if (request.isPriorityEnabled(SPRequest::SPDebug)) + request.log(SPRequest::SPDebug, string("htaccess: expecting regexp ") + toMatch + ", got " + *v + ": acccepted"); + return true; + } + } + else if ((caseSensitive && *v == toMatch) || (!caseSensitive && !strcasecmp(v->c_str(), toMatch))) { + if (request.isPriorityEnabled(SPRequest::SPDebug)) + request.log(SPRequest::SPDebug, string("htaccess: expecting ") + toMatch + ", got " + *v + ": accepted"); + return true; + } + else if (request.isPriorityEnabled(SPRequest::SPDebug)) { + request.log(SPRequest::SPDebug, string("htaccess: expecting ") + toMatch + ", got " + *v + ": rejected"); + } + } + return false; +} + +AccessControl::aclresult_t htAccessControl::doShibAttr(const ShibTargetApache& sta, const Session* session, const char* rule, const char* params) const +{ +#ifndef SHIB_APACHE_24 + // Look for the new shib-attr placeholder and move past it. + if (sta.m_dc->bCompatWith24 == 1 && rule && !strcmp(rule, "shib-attr")) { + if (*params) + rule = ap_getword_conf(sta.m_req->pool, ¶ms); + } +#endif + + // Find the attribute(s) matching the require rule. + pair::const_iterator,multimap::const_iterator> attrs = + session->getIndexedAttributes().equal_range(rule ? rule : ""); + + bool regexp = false; + while (attrs.first != attrs.second && *params) { + const char* w = ap_getword_conf(sta.m_req->pool, ¶ms); + if (*w == '~') { + regexp = true; + continue; + } + + try { + scoped_ptr re; + if (regexp) { + auto_arrayptr trans(fromUTF8(w)); + re.reset(new xercesc::RegularExpression(trans.get())); + } + + pair::const_iterator,multimap::const_iterator> attrs2(attrs); + for (; attrs2.first != attrs2.second; ++attrs2.first) { + if (checkAttribute(sta, attrs2.first->second, w, regexp ? re.get() : nullptr)) { + return shib_acl_true; + } + } + } + catch (XMLException& ex) { + auto_ptr_char tmp(ex.getMessage()); + sta.log(SPRequest::SPError, string("htaccess plugin caught exception while parsing regular expression (") + w + "): " + tmp.get()); + } + } + return shib_acl_false; +} + +AccessControl::aclresult_t htAccessControl::authorized(const SPRequest& request, const Session* session) const +{ +#ifdef SHIB_APACHE_24 + // We should never be invoked in 2.4 as an SP plugin. + throw ConfigurationException("Save my walrus!"); +#else + // Make sure the object is our type. + const ShibTargetApache* sta=dynamic_cast(&request); + if (!sta) + throw ConfigurationException("Request wrapper object was not of correct type."); + + int m = sta->m_req->method_number; + bool method_restricted = false; + const char *t, *w; + + const array_header* reqs_arr = ap_requires(sta->m_req); + if (!reqs_arr) + return shib_acl_indeterminate; // should never happen + + // Check for an "embedded" AccessControl plugin. + if (sta->m_dc->szAccessControl) { + aclresult_t result = doAccessControl(*sta, session, sta->m_dc->szAccessControl); + if (result == shib_acl_true && sta->m_dc->bRequireAll != 1) { + // If we're not insisting that all rules be met, then we're done. + request.log(SPRequest::SPDebug, "htaccess: embedded AccessControl plugin was successful, granting access"); + return shib_acl_true; + } + else if (result != shib_acl_true && sta->m_dc->bRequireAll == 1) { + // If we're insisting that all rules be met, which is not something Apache really handles well, + // then we either return false or indeterminate based on the authoritative option, which defaults on. + if (sta->m_dc->bAuthoritative != 0) { + request.log(SPRequest::SPDebug, "htaccess: embedded AccessControl plugin was unsuccessful, denying access"); + return shib_acl_false; + } + + request.log(SPRequest::SPDebug, "htaccess: embedded AccessControl plugin was unsuccessful but not authoritative, leaving it up to Apache"); + return shib_acl_indeterminate; + } + } + + require_line* reqs = (require_line*)reqs_arr->elts; + + for (int x = 0; x < reqs_arr->nelts; ++x) { + // This rule should be completely ignored, the method doesn't fit. + // The rule just doesn't exist for our purposes. + if (!(reqs[x].method_mask & (1 << m))) + continue; + + method_restricted = true; // this lets us know at the end that at least one rule was potentially enforcable. + + // Tracks status of this rule's evaluation. + bool status = false; + + string remote_user = request.getRemoteUser(); + + t = reqs[x].requirement; + w = ap_getword_white(sta->m_req->pool, &t); + + if (!strcasecmp(w,"shibboleth")) { + // This is a dummy rule needed because Apache conflates authn and authz. + // Without some require rule, AuthType is ignored and no check_user hooks run. + + // We evaluate to false if ShibAccessControl is used and ShibRequireAll is off. + // This allows actual rules to dictate the result, since ShibAccessControl returned + // non-true, and if nothing else is used, access will be denied. + if (!sta->m_dc->szAccessControl || sta->m_dc->bRequireAll == 1) { + // We evaluate to true, because ShibRequireAll is enabled (so a true is just a no-op) + // or because there was no other AccessControl rule in place, so this may be the only + // rule in effect. + status = true; + } + } + else if (!strcmp(w,"valid-user") && session) { + request.log(SPRequest::SPDebug, "htaccess: accepting valid-user based on active session"); + status = true; + } + else if (sta->m_dc->bCompatWith24 == 1 && !strcmp(w,"shib-session") && session) { + request.log(SPRequest::SPDebug, "htaccess: accepting shib-session based on active session"); + status = true; + } + else if (!strcmp(w,"user") && !remote_user.empty()) { + status = (doUser(*sta, t) == shib_acl_true); + } + else if (sta->m_dc->bCompatWith24 == 1 && !strcmp(w,"shib-user") && !remote_user.empty()) { + status = (doUser(*sta, t) == shib_acl_true); + } + else if (!strcmp(w,"group") && !remote_user.empty()) { + status = (doGroup(*sta, t) == shib_acl_true); + } + else if (!strcmp(w,"authnContextClassRef") || !strcmp(w,"authnContextDeclRef")) { + const char* ref = !strcmp(w, "authnContextClassRef") ? session->getAuthnContextClassRef() : session->getAuthnContextDeclRef(); + status = (doAuthnContext(*sta, ref, t) == shib_acl_true); + } + else if (!session) { + request.log(SPRequest::SPError, string("htaccess: require ") + w + " not given a valid session, are you using lazy sessions?"); + } + else if (sta->m_dc->bCompatWith24 == 1 && !strcmp(w,"shib-plugin")) { + w = ap_getword_conf(sta->m_req->pool, &t); + if (w) { + status = (doAccessControl(*sta, session, w) == shib_acl_true); + } + } + else { + status = (doShibAttr(*sta, session, w, t) == shib_acl_true); + } + + // If status is false, we found a rule we couldn't satisfy. + // Could be an unknown rule to us, or it just didn't match. + + if (status && sta->m_dc->bRequireAll != 1) { + // If we're not insisting that all rules be met, then we're done. + request.log(SPRequest::SPDebug, "htaccess: a rule was successful, granting access"); + return shib_acl_true; + } + else if (!status && sta->m_dc->bRequireAll == 1) { + // If we're insisting that all rules be met, which is not something Apache really handles well, + // then we either return false or indeterminate based on the authoritative option, which defaults on. + if (sta->m_dc->bAuthoritative != 0) { + request.log(SPRequest::SPDebug, "htaccess: a rule was unsuccessful, denying access"); + return shib_acl_false; + } + + request.log(SPRequest::SPDebug, "htaccess: a rule was unsuccessful but not authoritative, leaving it up to Apache"); + return shib_acl_indeterminate; + } + + // Otherwise, we keep going. If we're requring all, then we have to check every rule. + // If not we just didn't find a successful rule yet, so we keep going anyway. + } + + // If we get here, we either "failed" or we're in require all mode (but not both). + // If no rules possibly apply or we insisted that all rules check out, then we're good. + if (!method_restricted) { + request.log(SPRequest::SPDebug, "htaccess: no rules applied to this request method, granting access"); + return shib_acl_true; + } + else if (sta->m_dc->bRequireAll == 1) { + request.log(SPRequest::SPDebug, "htaccess: all rules successful, granting access"); + return shib_acl_true; + } + else if (sta->m_dc->bAuthoritative != 0) { + request.log(SPRequest::SPDebug, "htaccess: no rules were successful, denying access"); + return shib_acl_false; + } + + request.log(SPRequest::SPDebug, "htaccess: no rules were successful but not authoritative, leaving it up to Apache"); + return shib_acl_indeterminate; +#endif +} + +class ApacheRequestMapper : public virtual RequestMapper, public virtual PropertySet +{ +public: + ApacheRequestMapper(const xercesc::DOMElement* e); + ~ApacheRequestMapper() {} + Lockable* lock() { return m_mapper->lock(); } + void unlock() { m_staKey->setData(nullptr); m_propsKey->setData(nullptr); m_mapper->unlock(); } + Settings getSettings(const HTTPRequest& request) const; + + const PropertySet* getParent() const { return nullptr; } + void setParent(const PropertySet*) {} + pair getBool(const char* name, const char* ns=nullptr) const; + pair getString(const char* name, const char* ns=nullptr) const; + pair getXMLString(const char* name, const char* ns=nullptr) const; + pair getUnsignedInt(const char* name, const char* ns=nullptr) const; + pair getInt(const char* name, const char* ns=nullptr) const; + void getAll(map& properties) const; + const PropertySet* getPropertySet(const char* name, const char* ns=shibspconstants::ASCII_SHIB2SPCONFIG_NS) const; + const xercesc::DOMElement* getElement() const; + + const htAccessControl& getHTAccessControl() const { return m_htaccess; } + +private: + scoped_ptr m_mapper; + scoped_ptr m_staKey,m_propsKey; + mutable htAccessControl m_htaccess; +}; + +RequestMapper* ApacheRequestMapFactory(const xercesc::DOMElement* const & e) +{ + return new ApacheRequestMapper(e); +} + +ApacheRequestMapper::ApacheRequestMapper(const xercesc::DOMElement* e) + : m_mapper(SPConfig::getConfig().RequestMapperManager.newPlugin(XML_REQUEST_MAPPER,e)), + m_staKey(ThreadKey::create(nullptr)), m_propsKey(ThreadKey::create(nullptr)) +{ +} + +RequestMapper::Settings ApacheRequestMapper::getSettings(const HTTPRequest& request) const +{ + Settings s = m_mapper->getSettings(request); + m_staKey->setData((void*)dynamic_cast(&request)); + m_propsKey->setData((void*)s.first); + // Only return the htAccess plugin for pre-2.4 servers. +#ifdef SHIB_APACHE_24 + return pair(this, s.second); +#else + return pair(this, s.second ? s.second : &m_htaccess); +#endif +} + +pair ApacheRequestMapper::getBool(const char* name, const char* ns) const +{ + const ShibTargetApache* sta=reinterpret_cast(m_staKey->getData()); + const PropertySet* s=reinterpret_cast(m_propsKey->getData()); + if (sta && !ns) { + // Override Apache-settable boolean properties. + if (name && !strcmp(name,"requireSession") && sta->m_dc->bRequireSession != -1) + return make_pair(true, sta->m_dc->bRequireSession==1); + else if (name && !strcmp(name,"exportAssertion") && sta->m_dc->bExportAssertion != -1) + return make_pair(true, sta->m_dc->bExportAssertion==1); + else if (sta->m_dc->tSettings) { + const char* prop = ap_table_get(sta->m_dc->tSettings, name); + if (prop) + return make_pair(true, !strcmp(prop, "true") || !strcmp(prop, "1") || !strcmp(prop, "On")); + } + } + return s ? s->getBool(name,ns) : make_pair(false,false); +} + +pair ApacheRequestMapper::getString(const char* name, const char* ns) const +{ + const ShibTargetApache* sta=reinterpret_cast(m_staKey->getData()); + const PropertySet* s=reinterpret_cast(m_propsKey->getData()); + if (sta && !ns) { + // Override Apache-settable string properties. + if (name && !strcmp(name,"authType")) { + const char* auth_type = ap_auth_type(sta->m_req); + if (auth_type) { + // Check for Basic Hijack + if (!strcasecmp(auth_type, "basic") && sta->m_dc->bBasicHijack == 1) + auth_type = "shibboleth"; + return make_pair(true, auth_type); + } + } + else if (name && !strcmp(name,"applicationId") && sta->m_dc->szApplicationId) + return pair(true,sta->m_dc->szApplicationId); + else if (name && !strcmp(name,"requireSessionWith") && sta->m_dc->szRequireWith) + return pair(true,sta->m_dc->szRequireWith); + else if (name && !strcmp(name,"redirectToSSL") && sta->m_dc->szRedirectToSSL) + return pair(true,sta->m_dc->szRedirectToSSL); + else if (sta->m_dc->tSettings) { + const char* prop = ap_table_get(sta->m_dc->tSettings, name); + if (prop) + return make_pair(true, prop); + } + } + return s ? s->getString(name,ns) : pair(false,nullptr); +} + +pair ApacheRequestMapper::getXMLString(const char* name, const char* ns) const +{ + const PropertySet* s=reinterpret_cast(m_propsKey->getData()); + return s ? s->getXMLString(name,ns) : pair(false,nullptr); +} + +pair ApacheRequestMapper::getUnsignedInt(const char* name, const char* ns) const +{ + const ShibTargetApache* sta=reinterpret_cast(m_staKey->getData()); + const PropertySet* s=reinterpret_cast(m_propsKey->getData()); + if (sta && !ns) { + // Override Apache-settable int properties. + if (name && !strcmp(name,"redirectToSSL") && sta->m_dc->szRedirectToSSL) + return pair(true, strtol(sta->m_dc->szRedirectToSSL, nullptr, 10)); + else if (sta->m_dc->tSettings) { + const char* prop = ap_table_get(sta->m_dc->tSettings, name); + if (prop) + return pair(true, atoi(prop)); + } + } + return s ? s->getUnsignedInt(name,ns) : pair(false,0); +} + +pair ApacheRequestMapper::getInt(const char* name, const char* ns) const +{ + const ShibTargetApache* sta=reinterpret_cast(m_staKey->getData()); + const PropertySet* s=reinterpret_cast(m_propsKey->getData()); + if (sta && !ns) { + // Override Apache-settable int properties. + if (name && !strcmp(name,"redirectToSSL") && sta->m_dc->szRedirectToSSL) + return pair(true,atoi(sta->m_dc->szRedirectToSSL)); + else if (sta->m_dc->tSettings) { + const char* prop = ap_table_get(sta->m_dc->tSettings, name); + if (prop) + return make_pair(true, atoi(prop)); + } + } + return s ? s->getInt(name,ns) : pair(false,0); +} + +static int _rm_get_all_table_walk(void *v, const char *key, const char *value) +{ + reinterpret_cast*>(v)->insert(pair(key, value)); + return 1; +} + +void ApacheRequestMapper::getAll(map& properties) const +{ + const ShibTargetApache* sta=reinterpret_cast(m_staKey->getData()); + const PropertySet* s=reinterpret_cast(m_propsKey->getData()); + + if (s) + s->getAll(properties); + if (!sta) + return; + + const char* auth_type=ap_auth_type(sta->m_req); + if (auth_type) { + // Check for Basic Hijack + if (!strcasecmp(auth_type, "basic") && sta->m_dc->bBasicHijack == 1) + auth_type = "shibboleth"; + properties["authType"] = auth_type; + } + + if (sta->m_dc->szApplicationId) + properties["applicationId"] = sta->m_dc->szApplicationId; + if (sta->m_dc->szRequireWith) + properties["requireSessionWith"] = sta->m_dc->szRequireWith; + if (sta->m_dc->szRedirectToSSL) + properties["redirectToSSL"] = sta->m_dc->szRedirectToSSL; + if (sta->m_dc->bRequireSession != 0) + properties["requireSession"] = (sta->m_dc->bRequireSession==1) ? "true" : "false"; + if (sta->m_dc->bExportAssertion != 0) + properties["exportAssertion"] = (sta->m_dc->bExportAssertion==1) ? "true" : "false"; + + if (sta->m_dc->tSettings) + ap_table_do(_rm_get_all_table_walk, &properties, sta->m_dc->tSettings, NULL); +} + +const PropertySet* ApacheRequestMapper::getPropertySet(const char* name, const char* ns) const +{ + const PropertySet* s=reinterpret_cast(m_propsKey->getData()); + return s ? s->getPropertySet(name,ns) : nullptr; +} + +const xercesc::DOMElement* ApacheRequestMapper::getElement() const +{ + const PropertySet* s=reinterpret_cast(m_propsKey->getData()); + return s ? s->getElement() : nullptr; +} + +// Authz callbacks for Apache 2.4 +// For some reason, these get run twice for each request, once before hooks like check_user, etc. +// and once after. The first time through, the request object exists, but isn't initialized. +// The other case is subrequests of some kinds: then post_read doesn't run, and the objects +// themselves don't exist. We do deferred creation of the objects in check_user to fix that case. +// In each screwed up case, we return "denied" so that nothing bad happens. +#ifdef SHIB_APACHE_24 +pair shib_base_check_authz(request_rec* r) +{ + shib_request_config* rc = (shib_request_config*)ap_get_module_config(r->request_config, &mod_shib); + if (!rc || !rc->sta) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, SH_AP_R(r), "shib_base_check_authz found no per-request structure"); + return make_pair((ShibTargetApache*)nullptr, AUTHZ_DENIED_NO_USER); + } + else if (!rc->sta->isInitialized()) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, SH_AP_R(r), "shib_base_check_authz found uninitialized request object"); + return make_pair((ShibTargetApache*)nullptr, AUTHZ_DENIED_NO_USER); + } + return make_pair(rc->sta, AUTHZ_GRANTED); +} + +extern "C" authz_status shib_shibboleth_check_authz(request_rec* r, const char* require_line, const void*) +{ + pair sta = shib_base_check_authz(r); + if (!sta.first) + return sta.second; + return AUTHZ_GRANTED; +} + +extern "C" authz_status shib_session_check_authz(request_rec* r, const char* require_line, const void*) +{ + pair sta = shib_base_check_authz(r); + if (!sta.first) + return sta.second; + + try { + Session* session = sta.first->getSession(false, true, false); + Locker slocker(session, false); + if (session) { + sta.first->log(SPRequest::SPDebug, "htaccess: accepting shib-session/valid-user based on active session"); + return AUTHZ_GRANTED; + } + } + catch (std::exception& e) { + sta.first->log(SPRequest::SPWarn, string("htaccess: unable to obtain session for access control check: ") + e.what()); + } + + sta.first->log(SPRequest::SPDebug, "htaccess: denying shib-access/valid-user rule, no active session"); + return AUTHZ_DENIED_NO_USER; +} + +extern "C" authz_status shib_validuser_check_authz(request_rec* r, const char* require_line, const void*) +{ + // Shouldn't have actually ever hooked this, and now we're in conflict with mod_authz_user over the meaning. + // For now, added a command to restore "normal" semantics for valid-user so that combined deployments can + // use valid-user for non-Shibboleth cases and shib-session for the Shibboleth semantic. + + // In future, we may want to expose the AuthType set to honor down at this level so we can differentiate + // based on AuthType. Unfortunately we allow overriding the AuthType to honor and we don't have access to + // that setting from the ServiceProvider class.. + + shib_server_config* sc = (shib_server_config*)ap_get_module_config(r->server->module_config, &mod_shib); + if (sc->bCompatValidUser != 1) { + return shib_session_check_authz(r, require_line, nullptr); + } + + // Reproduce mod_authz_user version... + + if (!r->user) { + return AUTHZ_DENIED_NO_USER; + } + + return AUTHZ_GRANTED; +} + +extern "C" authz_status shib_ext_user_check_authz(request_rec* r, const char* require_line, const void*) +{ + pair sta = shib_base_check_authz(r); + if (!sta.first) + return sta.second; + + const htAccessControl& hta = dynamic_cast(sta.first->getRequestSettings().first)->getHTAccessControl(); + if (hta.doUser(*sta.first, require_line) == AccessControl::shib_acl_true) + return AUTHZ_GRANTED; + return AUTHZ_DENIED; +} + +extern "C" authz_status shib_user_check_authz(request_rec* r, const char* require_line, const void*) +{ + // Shouldn't have actually ever hooked this, and now we're in conflict with mod_authz_user over the meaning. + // For now, added a command to restore "normal" semantics for user rules so that combined deployments can + // use user for non-Shibboleth cases and shib-user for the Shibboleth semantic. + + // In future, we may want to expose the AuthType set to honor down at this level so we can differentiate + // based on AuthType. Unfortunately we allow overriding the AuthType to honor and we don't have access to + // that setting from the ServiceProvider class.. + + shib_server_config* sc = (shib_server_config*)ap_get_module_config(r->server->module_config, &mod_shib); + if (sc->bCompatValidUser != 1) { + return shib_ext_user_check_authz(r, require_line, nullptr); + } + + // Reproduce mod_authz_user version... + + if (!r->user) { + return AUTHZ_DENIED_NO_USER; + } + + const char* t = require_line; + const char *w; + while ((w = ap_getword_conf(r->pool, &t)) && w[0]) { + if (!strcmp(r->user, w)) { + return AUTHZ_GRANTED; + } + } + + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01663) + "access to %s failed, reason: user '%s' does not meet " + "'require'ments for user to be allowed access", + r->uri, r->user); + + return AUTHZ_DENIED; +} + +extern "C" authz_status shib_acclass_check_authz(request_rec* r, const char* require_line, const void*) +{ + pair sta = shib_base_check_authz(r); + if (!sta.first) + return sta.second; + + const htAccessControl& hta = dynamic_cast(sta.first->getRequestSettings().first)->getHTAccessControl(); + + try { + Session* session = sta.first->getSession(false, true, false); + Locker slocker(session, false); + if (session && hta.doAuthnContext(*sta.first, session->getAuthnContextClassRef(), require_line) == AccessControl::shib_acl_true) + return AUTHZ_GRANTED; + return session ? AUTHZ_DENIED : AUTHZ_DENIED_NO_USER; + } + catch (std::exception& e) { + sta.first->log(SPRequest::SPWarn, string("htaccess: unable to obtain session for access control check: ") + e.what()); + } + + return AUTHZ_GENERAL_ERROR; +} + +extern "C" authz_status shib_acdecl_check_authz(request_rec* r, const char* require_line, const void*) +{ + pair sta = shib_base_check_authz(r); + if (!sta.first) + return sta.second; + + const htAccessControl& hta = dynamic_cast(sta.first->getRequestSettings().first)->getHTAccessControl(); + + try { + Session* session = sta.first->getSession(false, true, false); + Locker slocker(session, false); + if (session && hta.doAuthnContext(*sta.first, session->getAuthnContextDeclRef(), require_line) == AccessControl::shib_acl_true) + return AUTHZ_GRANTED; + return session ? AUTHZ_DENIED : AUTHZ_DENIED_NO_USER; + } + catch (std::exception& e) { + sta.first->log(SPRequest::SPWarn, string("htaccess: unable to obtain session for access control check: ") + e.what()); + } + + return AUTHZ_GENERAL_ERROR; +} + +extern "C" authz_status shib_attr_check_authz(request_rec* r, const char* require_line, const void*) +{ + pair sta = shib_base_check_authz(r); + if (!sta.first) + return sta.second; + + const htAccessControl& hta = dynamic_cast(sta.first->getRequestSettings().first)->getHTAccessControl(); + + try { + Session* session = sta.first->getSession(false, true, false); + Locker slocker(session, false); + if (session) { + const char* rule = ap_getword_conf(r->pool, &require_line); + if (rule && hta.doShibAttr(*sta.first, session, rule, require_line) == AccessControl::shib_acl_true) + return AUTHZ_GRANTED; + } + return session ? AUTHZ_DENIED : AUTHZ_DENIED_NO_USER; + } + catch (std::exception& e) { + sta.first->log(SPRequest::SPWarn, string("htaccess: unable to obtain session for access control check: ") + e.what()); + } + + return AUTHZ_GENERAL_ERROR; +} + +extern "C" authz_status shib_plugin_check_authz(request_rec* r, const char* require_line, const void*) +{ + pair sta = shib_base_check_authz(r); + if (!sta.first) + return sta.second; + + const htAccessControl& hta = dynamic_cast(sta.first->getRequestSettings().first)->getHTAccessControl(); + + try { + Session* session = sta.first->getSession(false, true, false); + Locker slocker(session, false); + if (session) { + const char* config = ap_getword_conf(r->pool, &require_line); + if (config && hta.doAccessControl(*sta.first, session, config) == AccessControl::shib_acl_true) + return AUTHZ_GRANTED; + } + return session ? AUTHZ_DENIED : AUTHZ_DENIED_NO_USER; + } + catch (std::exception& e) { + sta.first->log(SPRequest::SPWarn, string("htaccess: unable to obtain session for access control check: ") + e.what()); + } + + return AUTHZ_GENERAL_ERROR; +} +#endif + +// Command manipulation functions + +extern "C" const char* ap_set_global_string_slot(cmd_parms* parms, void*, const char* arg) +{ + *((char**)(parms->info))=ap_pstrdup(parms->pool,arg); + return nullptr; +} + +extern "C" const char* shib_set_server_string_slot(cmd_parms* parms, void*, const char* arg) +{ + char* base=(char*)ap_get_module_config(parms->server->module_config,&mod_shib); + size_t offset=(size_t)parms->info; + *((char**)(base + offset))=ap_pstrdup(parms->pool,arg); + return nullptr; +} + +extern "C" const char* shib_set_server_flag_slot(cmd_parms* parms, void*, int arg) +{ + char* base=(char*)ap_get_module_config(parms->server->module_config,&mod_shib); + size_t offset=(size_t)parms->info; + *((int*)(base + offset)) = arg; + return nullptr; +} + +extern "C" const char* shib_ap_set_file_slot(cmd_parms* parms, +#ifdef SHIB_APACHE_13 + char* arg1, char* arg2 +#else + void* arg1, const char* arg2 +#endif + ) +{ + ap_set_file_slot(parms, arg1, arg2); + return DECLINE_CMD; +} + +extern "C" const char* shib_table_set(cmd_parms* parms, shib_dir_config* dc, const char* arg1, const char* arg2) +{ + if (!dc->tSettings) + dc->tSettings = ap_make_table(parms->pool, 4); + ap_table_set(dc->tSettings, arg1, arg2); + return nullptr; +} + +#ifndef SHIB_APACHE_24 +extern "C" const char* shib_set_acl_slot(cmd_parms* params, shib_dir_config* dc, char* arg) +{ + bool absolute; + switch (*arg) { + case 0: + absolute = false; + break; + case '/': + case '\\': + absolute = true; + break; + case '.': + absolute = (*(arg+1) == '.' || *(arg+1) == '/' || *(arg+1) == '\\'); + break; + default: + absolute = *(arg+1) == ':'; + } + + if (absolute || !params->path) + dc->szAccessControl = ap_pstrdup(params->pool, arg); + else + dc->szAccessControl = ap_pstrcat(params->pool, params->path, arg, NULL); + return nullptr; +} +#endif + + +#ifdef SHIB_APACHE_13 +/* + * shib_child_exit() + * Cleanup the (per-process) pool info. + */ +extern "C" void shib_child_exit(server_rec* s, SH_AP_POOL* p) +{ + if (g_Config) { + g_Config->term(); + g_Config = nullptr; + } + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, SH_AP_R(s), "child_exit: mod_shib shutdown in pid (%d)", (int)getpid()); +} +#else +/* + * shib_exit() + * Apache 2.x doesn't allow for per-child cleanup, causes CGI forks to hang. + */ +extern "C" apr_status_t shib_exit(void* data) +{ + if (g_Config) { + g_Config->term(); + g_Config = nullptr; + } + server_rec* s = reinterpret_cast(data); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, SH_AP_R(s), "shib_exit: mod_shib shutdown in pid (%d)", (int)getpid()); + return OK; +} + +/* + * shib_post_config() + * We do the library init/term work here for 2.x to reduce overhead and + * get default logging established before the fork happens. + */ +apr_status_t shib_post_config(apr_pool_t* p, apr_pool_t*, apr_pool_t*, server_rec* s) +{ + // Initialize runtime components. + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, SH_AP_R(s),"post_config: mod_shib initializing in pid (%d)", (int)getpid()); + + if (g_Config) { + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(s), "post_config: mod_shib already initialized"); + return !OK; + } + + g_Config = &SPConfig::getConfig(); + g_Config->setFeatures( + SPConfig::Listener | + SPConfig::Caching | + SPConfig::RequestMapping | + SPConfig::InProcess | + SPConfig::Logging | + SPConfig::Handlers + ); + if (!g_Config->init(g_szSchemaDir, g_szPrefix)) { + ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, SH_AP_R(s), "post_config: mod_shib failed to initialize libraries"); + return !OK; + } +#ifndef SHIB_APACHE_24 + g_Config->AccessControlManager.registerFactory(HT_ACCESS_CONTROL, &htAccessFactory); +#endif + g_Config->RequestMapperManager.registerFactory(NATIVE_REQUEST_MAPPER, &ApacheRequestMapFactory); + + // Set the cleanup handler, passing in the server_rec for logging. + apr_pool_cleanup_register(p, s, &shib_exit, apr_pool_cleanup_null); + + return OK; +} + +#endif + +/* + * shib_child_init() + * Things to do when the child process is initialized. + * We can't use post-config for all of it on 2.x because only the forking thread shows + * up in the child, losing the internal threads spun up by plugins in the SP. + */ +#ifdef SHIB_APACHE_13 +extern "C" void shib_child_init(server_rec* s, SH_AP_POOL* p) +#else +extern "C" void shib_child_init(apr_pool_t* p, server_rec* s) +#endif +{ + // Initialize runtime components. + + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, SH_AP_R(s),"child_init: mod_shib initializing in pid (%d)", (int)getpid()); + + // 2.x versions have already initialized the libraries. +#ifdef SHIB_APACHE_13 + if (g_Config) { + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(s), "child_init: mod_shib already initialized, exiting"); + exit(1); + } + + g_Config = &SPConfig::getConfig(); + g_Config->setFeatures( + SPConfig::Listener | + SPConfig::Caching | + SPConfig::RequestMapping | + SPConfig::InProcess | + SPConfig::Logging | + SPConfig::Handlers + ); + if (!g_Config->init(g_szSchemaDir, g_szPrefix)) { + ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, SH_AP_R(s), "child_init: mod_shib failed to initialize libraries"); + exit(1); + } + g_Config->AccessControlManager.registerFactory(HT_ACCESS_CONTROL, &htAccessFactory); + g_Config->RequestMapperManager.registerFactory(NATIVE_REQUEST_MAPPER, &ApacheRequestMapFactory); +#endif + + // The config gets installed for all versions here due to the background thread/fork issues. + try { + if (!g_Config->instantiate(g_szSHIBConfig, true)) + throw runtime_error("unknown error"); + } + catch (std::exception& ex) { + ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, SH_AP_R(s), "child_init: mod_shib failed to load configuration: %s", ex.what()); + g_Config->term(); + exit(1); + } + + ServiceProvider* sp = g_Config->getServiceProvider(); + xmltooling::Locker locker(sp); + const PropertySet* props = sp->getPropertySet("InProcess"); + if (props) { + pair unsetValue = props->getString("unsetHeaderValue"); + if (unsetValue.first) + g_unsetHeaderValue = unsetValue.second; + pair flag=props->getBool("checkSpoofing"); + g_checkSpoofing = !flag.first || flag.second; + if (g_checkSpoofing) { + unsetValue=props->getString("spoofKey"); + if (unsetValue.first) + g_spoofKey = unsetValue.second; + } + flag=props->getBool("catchAll"); + g_catchAll = flag.first && flag.second; + } + + // Set the cleanup handler, passing in the server_rec for logging. + apr_pool_cleanup_register(p, s, &shib_exit, apr_pool_cleanup_null); + + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, SH_AP_R(s), "child_init: mod_shib config initialized"); +} + +// Output filters +#ifdef SHIB_DEFERRED_HEADERS +static void set_output_filter(request_rec *r) +{ + ap_add_output_filter("SHIB_HEADERS_OUT", nullptr, r, r->connection); +} + +static void set_error_filter(request_rec *r) +{ + ap_add_output_filter("SHIB_HEADERS_ERR", nullptr, r, r->connection); +} + +static int _table_add(void *v, const char *key, const char *value) +{ + apr_table_addn((apr_table_t*)v, key, value); + return 1; +} + +static apr_status_t do_output_filter(ap_filter_t *f, apr_bucket_brigade *in) +{ + request_rec *r = f->r; + shib_request_config *rc = (shib_request_config*) ap_get_module_config(r->request_config, &mod_shib); + + if (rc && rc->hdr_out) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, SH_AP_R(r), "output_filter: merging %d headers", apr_table_elts(rc->hdr_out)->nelts); + // can't use overlap call because it will collapse Set-Cookie headers + //apr_table_overlap(r->headers_out, rc->hdr_out, APR_OVERLAP_TABLES_MERGE); + apr_table_do(_table_add,r->headers_out, rc->hdr_out,NULL); + } + + /* remove ourselves from the filter chain */ + ap_remove_output_filter(f); + + /* send the data up the stack */ + return ap_pass_brigade(f->next,in); +} + +static apr_status_t do_error_filter(ap_filter_t *f, apr_bucket_brigade *in) +{ + request_rec *r = f->r; + shib_request_config *rc = (shib_request_config*) ap_get_module_config(r->request_config, &mod_shib); + + if (rc && rc->hdr_out) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, SH_AP_R(r), "error_filter: merging %d headers", apr_table_elts(rc->hdr_out)->nelts); + // can't use overlap call because it will collapse Set-Cookie headers + //apr_table_overlap(r->err_headers_out, rc->hdr_out, APR_OVERLAP_TABLES_MERGE); + apr_table_do(_table_add,r->err_headers_out, rc->hdr_out,NULL); + } + + /* remove ourselves from the filter chain */ + ap_remove_output_filter(f); + + /* send the data up the stack */ + return ap_pass_brigade(f->next,in); +} +#endif // SHIB_DEFERRED_HEADERS + +typedef const char* (*config_fn_t)(void); + +#ifdef SHIB_APACHE_13 + +// SHIB Module commands + +static command_rec shire_cmds[] = { + {"ShibPrefix", (config_fn_t)ap_set_global_string_slot, &g_szPrefix, + RSRC_CONF, TAKE1, "Shibboleth installation directory"}, + {"ShibConfig", (config_fn_t)ap_set_global_string_slot, &g_szSHIBConfig, + RSRC_CONF, TAKE1, "Path to shibboleth2.xml config file"}, + {"ShibCatalogs", (config_fn_t)ap_set_global_string_slot, &g_szSchemaDir, + RSRC_CONF, TAKE1, "Paths of XML schema catalogs"}, + + {"ShibURLScheme", (config_fn_t)shib_set_server_string_slot, + (void *) XtOffsetOf (shib_server_config, szScheme), + RSRC_CONF, TAKE1, "URL scheme to force into generated URLs for a vhost"}, + + {"ShibRequestSetting", (config_fn_t)shib_table_set, nullptr, + OR_AUTHCFG, TAKE2, "Set arbitrary Shibboleth request property for content"}, + + {"ShibAccessControl", (config_fn_t)shib_set_acl_slot, nullptr, + OR_AUTHCFG, TAKE1, "Set arbitrary Shibboleth access control plugin for content"}, + + {"ShibDisable", (config_fn_t)ap_set_flag_slot, + (void *) XtOffsetOf (shib_dir_config, bOff), + OR_AUTHCFG, FLAG, "Disable all Shib module activity here to save processing effort"}, + {"ShibApplicationId", (config_fn_t)ap_set_string_slot, + (void *) XtOffsetOf (shib_dir_config, szApplicationId), + OR_AUTHCFG, TAKE1, "Set Shibboleth applicationId property for content"}, + {"ShibBasicHijack", (config_fn_t)ap_set_flag_slot, + (void *) XtOffsetOf (shib_dir_config, bBasicHijack), + OR_AUTHCFG, FLAG, "(DEPRECATED) Respond to AuthType Basic and convert to shibboleth"}, + {"ShibRequireSession", (config_fn_t)ap_set_flag_slot, + (void *) XtOffsetOf (shib_dir_config, bRequireSession), + OR_AUTHCFG, FLAG, "Initiates a new session if one does not exist"}, + {"ShibRequireSessionWith", (config_fn_t)ap_set_string_slot, + (void *) XtOffsetOf (shib_dir_config, szRequireWith), + OR_AUTHCFG, TAKE1, "Initiates a new session if one does not exist using a specific SessionInitiator"}, + {"ShibExportAssertion", (config_fn_t)ap_set_flag_slot, + (void *) XtOffsetOf (shib_dir_config, bExportAssertion), + OR_AUTHCFG, FLAG, "Export SAML attribute assertion(s) to Shib-Attributes header"}, + {"ShibRedirectToSSL", (config_fn_t)ap_set_string_slot, + (void *) XtOffsetOf (shib_dir_config, szRedirectToSSL), + OR_AUTHCFG, TAKE1, "Redirect non-SSL requests to designated port" }, + {"AuthGroupFile", (config_fn_t)shib_ap_set_file_slot, + (void *) XtOffsetOf (shib_dir_config, szAuthGrpFile), + OR_AUTHCFG, TAKE1, "text file containing group names and member user IDs"}, + {"ShibRequireAll", (config_fn_t)ap_set_flag_slot, + (void *) XtOffsetOf (shib_dir_config, bRequireAll), + OR_AUTHCFG, FLAG, "All require directives must match"}, + {"AuthzShibAuthoritative", (config_fn_t)ap_set_flag_slot, + (void *) XtOffsetOf (shib_dir_config, bAuthoritative), + OR_AUTHCFG, FLAG, "Allow failed mod_shib htaccess authorization to fall through to other modules"}, + {"ShibCompatWith24", (config_fn_t)ap_set_flag_slot, + (void *) XtOffsetOf (shib_dir_config, bCompatWith24), + OR_AUTHCFG, FLAG, "Support Apache 2.4-style require rules"}, + {"ShibUseEnvironment", (config_fn_t)ap_set_flag_slot, + (void *) XtOffsetOf (shib_dir_config, bUseEnvVars), + OR_AUTHCFG, FLAG, "Export attributes using environment variables (default)"}, + {"ShibUseHeaders", (config_fn_t)ap_set_flag_slot, + (void *) XtOffsetOf (shib_dir_config, bUseHeaders), + OR_AUTHCFG, FLAG, "Export attributes using custom HTTP headers"}, + {"ShibExpireRedirects", (config_fn_t)ap_set_flag_slot, + (void *) XtOffsetOf (shib_dir_config, bExpireRedirects), + OR_AUTHCFG, FLAG, "Expire SP-generated redirects"}, + + {nullptr} +}; + +extern "C"{ +handler_rec shib_handlers[] = { + { "shib-handler", shib_handler }, + { nullptr } +}; + +module MODULE_VAR_EXPORT mod_shib = { + STANDARD_MODULE_STUFF, + nullptr, /* initializer */ + create_shib_dir_config, /* dir config creater */ + merge_shib_dir_config, /* dir merger --- default is to override */ + create_shib_server_config, /* server config */ + merge_shib_server_config, /* merge server config */ + shire_cmds, /* command table */ + shib_handlers, /* handlers */ + nullptr, /* filename translation */ + shib_check_user, /* check_user_id */ + shib_auth_checker, /* check auth */ + nullptr, /* check access */ + nullptr, /* type_checker */ + shib_fixups, /* fixups */ + nullptr, /* logger */ + nullptr, /* header parser */ + shib_child_init, /* child_init */ + shib_child_exit, /* child_exit */ + shib_post_read /* post read-request */ +}; + +#else + +#ifdef SHIB_APACHE_24 +extern "C" const authz_provider shib_authz_shibboleth_provider = { &shib_shibboleth_check_authz, nullptr }; +extern "C" const authz_provider shib_authz_validuser_provider = { &shib_validuser_check_authz, nullptr }; +extern "C" const authz_provider shib_authz_session_provider = { &shib_session_check_authz, nullptr }; +extern "C" const authz_provider shib_authz_user_provider = { &shib_user_check_authz, nullptr }; +extern "C" const authz_provider shib_authz_ext_user_provider = { &shib_ext_user_check_authz, nullptr }; +extern "C" const authz_provider shib_authz_acclass_provider = { &shib_acclass_check_authz, nullptr }; +extern "C" const authz_provider shib_authz_acdecl_provider = { &shib_acdecl_check_authz, nullptr }; +extern "C" const authz_provider shib_authz_attr_provider = { &shib_attr_check_authz, nullptr }; +extern "C" const authz_provider shib_authz_plugin_provider = { &shib_plugin_check_authz, nullptr }; +#endif + +extern "C" void shib_register_hooks (apr_pool_t *p) +{ +#ifdef SHIB_DEFERRED_HEADERS + ap_register_output_filter("SHIB_HEADERS_OUT", do_output_filter, nullptr, AP_FTYPE_CONTENT_SET); + ap_hook_insert_filter(set_output_filter, nullptr, nullptr, APR_HOOK_LAST); + ap_register_output_filter("SHIB_HEADERS_ERR", do_error_filter, nullptr, AP_FTYPE_CONTENT_SET); + ap_hook_insert_error_filter(set_error_filter, nullptr, nullptr, APR_HOOK_LAST); + ap_hook_post_read_request(shib_post_read, nullptr, nullptr, APR_HOOK_MIDDLE); +#endif + ap_hook_post_config(shib_post_config, nullptr, nullptr, APR_HOOK_MIDDLE); + ap_hook_child_init(shib_child_init, nullptr, nullptr, APR_HOOK_MIDDLE); + const char* prereq = getenv("SHIBSP_APACHE_PREREQ"); +#ifdef SHIB_APACHE_24 + if (prereq && *prereq) { + const char* const authnPre[] = { prereq, nullptr }; + ap_hook_check_authn(shib_check_user, authnPre, nullptr, APR_HOOK_MIDDLE, AP_AUTH_INTERNAL_PER_URI); + } + else { + ap_hook_check_authn(shib_check_user, nullptr, nullptr, APR_HOOK_MIDDLE, AP_AUTH_INTERNAL_PER_URI); + } + ap_hook_check_authz(shib_auth_checker, nullptr, nullptr, APR_HOOK_FIRST, AP_AUTH_INTERNAL_PER_URI); +#else + if (prereq && *prereq) { + const char* const authnPre[] = { prereq, nullptr }; + ap_hook_check_user_id(shib_check_user, authnPre, nullptr, APR_HOOK_MIDDLE); + } + else { + ap_hook_check_user_id(shib_check_user, nullptr, nullptr, APR_HOOK_MIDDLE); + } + ap_hook_auth_checker(shib_auth_checker, nullptr, nullptr, APR_HOOK_FIRST); +#endif + ap_hook_handler(shib_handler, nullptr, nullptr, APR_HOOK_LAST); + ap_hook_fixups(shib_fixups, nullptr, nullptr, APR_HOOK_MIDDLE); + +#ifdef SHIB_APACHE_24 + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "shibboleth", AUTHZ_PROVIDER_VERSION, &shib_authz_shibboleth_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "valid-user", AUTHZ_PROVIDER_VERSION, &shib_authz_validuser_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "shib-session", AUTHZ_PROVIDER_VERSION, &shib_authz_session_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "user", AUTHZ_PROVIDER_VERSION, &shib_authz_user_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "shib-user", AUTHZ_PROVIDER_VERSION, &shib_authz_ext_user_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "authnContextClassRef", AUTHZ_PROVIDER_VERSION, &shib_authz_acclass_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "authnContextDeclRef", AUTHZ_PROVIDER_VERSION, &shib_authz_acdecl_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "shib-attr", AUTHZ_PROVIDER_VERSION, &shib_authz_attr_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "shib-plugin", AUTHZ_PROVIDER_VERSION, &shib_authz_plugin_provider, AP_AUTH_INTERNAL_PER_CONF); +#endif +} + +// SHIB Module commands + +extern "C" { +static command_rec shib_cmds[] = { + AP_INIT_TAKE1("ShibPrefix", (config_fn_t)ap_set_global_string_slot, &g_szPrefix, + RSRC_CONF, "Shibboleth installation directory"), + AP_INIT_TAKE1("ShibConfig", (config_fn_t)ap_set_global_string_slot, &g_szSHIBConfig, + RSRC_CONF, "Path to shibboleth2.xml config file"), + AP_INIT_TAKE1("ShibCatalogs", (config_fn_t)ap_set_global_string_slot, &g_szSchemaDir, + RSRC_CONF, "Paths of XML schema catalogs"), + AP_INIT_TAKE1("ShibGSSKey", (config_fn_t)ap_set_global_string_slot, &g_szGSSContextKey, + RSRC_CONF, "Name of user data key containing GSS context established by GSS module"), + + AP_INIT_TAKE1("ShibURLScheme", (config_fn_t)shib_set_server_string_slot, + (void *) offsetof (shib_server_config, szScheme), + RSRC_CONF, "URL scheme to force into generated URLs for a vhost"), + + AP_INIT_TAKE2("ShibRequestSetting", (config_fn_t)shib_table_set, nullptr, + OR_AUTHCFG, "Set arbitrary Shibboleth request property for content"), + + AP_INIT_FLAG("ShibDisable", (config_fn_t)ap_set_flag_slot, + (void *) offsetof (shib_dir_config, bOff), + OR_AUTHCFG, "Disable all Shib module activity here to save processing effort"), + AP_INIT_TAKE1("ShibApplicationId", (config_fn_t)ap_set_string_slot, + (void *) offsetof (shib_dir_config, szApplicationId), + OR_AUTHCFG, "Set Shibboleth applicationId property for content"), + AP_INIT_FLAG("ShibBasicHijack", (config_fn_t)ap_set_flag_slot, + (void *) offsetof (shib_dir_config, bBasicHijack), + OR_AUTHCFG, "(DEPRECATED) Respond to AuthType Basic and convert to shibboleth"), + AP_INIT_FLAG("ShibRequireSession", (config_fn_t)ap_set_flag_slot, + (void *) offsetof (shib_dir_config, bRequireSession), + OR_AUTHCFG, "Initiates a new session if one does not exist"), + AP_INIT_TAKE1("ShibRequireSessionWith", (config_fn_t)ap_set_string_slot, + (void *) offsetof (shib_dir_config, szRequireWith), + OR_AUTHCFG, "Initiates a new session if one does not exist using a specific SessionInitiator"), + AP_INIT_FLAG("ShibExportAssertion", (config_fn_t)ap_set_flag_slot, + (void *) offsetof (shib_dir_config, bExportAssertion), + OR_AUTHCFG, "Export SAML attribute assertion(s) to Shib-Attributes header"), + AP_INIT_TAKE1("ShibRedirectToSSL", (config_fn_t)ap_set_string_slot, + (void *) offsetof (shib_dir_config, szRedirectToSSL), + OR_AUTHCFG, "Redirect non-SSL requests to designated port"), +#ifdef SHIB_APACHE_24 + AP_INIT_FLAG("ShibRequestMapperAuthz", (config_fn_t)ap_set_flag_slot, + (void *) offsetof (shib_dir_config, bRequestMapperAuthz), + OR_AUTHCFG, "Support access control via shibboleth2.xml / RequestMapper"), + AP_INIT_FLAG("ShibCompatValidUser", (config_fn_t)shib_set_server_flag_slot, + (void *) offsetof (shib_server_config, bCompatValidUser), + RSRC_CONF, "Handle 'require valid-user' in mod_authz_user-compatible fashion (requiring username)"), +#else + AP_INIT_TAKE1("AuthGroupFile", (config_fn_t)shib_ap_set_file_slot, + (void *) offsetof (shib_dir_config, szAuthGrpFile), + OR_AUTHCFG, "Text file containing group names and member user IDs"), + AP_INIT_TAKE1("ShibAccessControl", (config_fn_t)shib_set_acl_slot, nullptr, + OR_AUTHCFG, "Set arbitrary Shibboleth access control plugin for content"), + AP_INIT_FLAG("ShibRequireAll", (config_fn_t)ap_set_flag_slot, + (void *) offsetof (shib_dir_config, bRequireAll), + OR_AUTHCFG, "All require directives must match"), + AP_INIT_FLAG("AuthzShibAuthoritative", (config_fn_t)ap_set_flag_slot, + (void *) offsetof (shib_dir_config, bAuthoritative), + OR_AUTHCFG, "Allow failed mod_shib htaccess authorization to fall through to other modules"), + AP_INIT_FLAG("ShibCompatWith24", (config_fn_t)ap_set_flag_slot, + (void *) offsetof (shib_dir_config, bCompatWith24), + OR_AUTHCFG, "Support Apache 2.4-style require rules"), +#endif + AP_INIT_FLAG("ShibUseEnvironment", (config_fn_t)ap_set_flag_slot, + (void *) offsetof (shib_dir_config, bUseEnvVars), + OR_AUTHCFG, "Export attributes using environment variables (default)"), + AP_INIT_FLAG("ShibUseHeaders", (config_fn_t)ap_set_flag_slot, + (void *) offsetof (shib_dir_config, bUseHeaders), + OR_AUTHCFG, "Export attributes using custom HTTP headers"), + AP_INIT_FLAG("ShibExpireRedirects", (config_fn_t)ap_set_flag_slot, + (void *) offsetof (shib_dir_config, bExpireRedirects), + OR_AUTHCFG, "Expire SP-generated redirects"), + + {nullptr} +}; + +module AP_MODULE_DECLARE_DATA mod_shib = { + STANDARD20_MODULE_STUFF, + create_shib_dir_config, /* create dir config */ + merge_shib_dir_config, /* merge dir config --- default is to override */ + create_shib_server_config, /* create server config */ + merge_shib_server_config, /* merge server config */ + shib_cmds, /* command table */ + shib_register_hooks /* register hooks */ +}; + +#endif + +} diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/mod_shib13.vcxproj shibboleth-sp2-2.5.2+dfsg/apache/mod_shib13.vcxproj --- shibboleth-sp2-2.4.3+dfsg/apache/mod_shib13.vcxproj 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/mod_shib13.vcxproj 2013-05-23 16:57:05.000000000 +0000 @@ -61,16 +61,15 @@ + + + <_ProjectFileVersion>10.0.30319.1 - $(SolutionDir)$(Configuration)\ - $(Configuration)\ false $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\ false - $(SolutionDir)$(Configuration)\ - $(Configuration)\ true $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\ @@ -105,7 +104,7 @@ MaxSpeed OnlyExplicitInline - ..;\Apache\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + ..;$(Apache13Root)\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) WIN32;NDEBUG;_WINDOWS;EAPI;%(PreprocessorDefinitions) true true @@ -118,7 +117,7 @@ xerces-c_3.lib;ApacheCore.lib;xmltooling-lite1.lib;%(AdditionalDependencies) - ..\..\cpp-xmltooling\$(Configuration);\Apache\libexec;%(AdditionalLibraryDirectories) + ..\..\cpp-xmltooling\$(Configuration);$(Apache13Root)\libexec;%(AdditionalLibraryDirectories) true @@ -137,7 +136,7 @@ MaxSpeed OnlyExplicitInline - ..;\Apache\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + ..;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) WIN32;NDEBUG;_WINDOWS;EAPI;%(PreprocessorDefinitions) true true @@ -150,7 +149,7 @@ xerces-c_3.lib;ApacheCore.lib;xmltooling-lite1.lib;%(AdditionalDependencies) - ..\..\cpp-xmltooling\$(Platform)\$(Configuration);\Apache\libexec;%(AdditionalLibraryDirectories) + ..\..\cpp-xmltooling\$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) true @@ -168,7 +167,7 @@ Disabled - ..;\Apache\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + ..;$(Apache13Root)\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) _WINDOWS;EAPI;WIN32;_DEBUG;%(PreprocessorDefinitions) MultiThreadedDebugDLL true @@ -182,7 +181,7 @@ xerces-c_3D.lib;ApacheCore.lib;xmltooling-lite1D.lib;%(AdditionalDependencies) - ..\..\cpp-xmltooling\$(Configuration);\Apache\libexec;%(AdditionalLibraryDirectories) + ..\..\cpp-xmltooling\$(Configuration);$(Apache13Root)\libexec;%(AdditionalLibraryDirectories) true @@ -200,7 +199,7 @@ Disabled - ..;\Apache\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + ..;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) _WINDOWS;EAPI;WIN32;_DEBUG;%(PreprocessorDefinitions) MultiThreadedDebugDLL true @@ -214,7 +213,7 @@ xerces-c_3D.lib;ApacheCore.lib;xmltooling-lite1D.lib;%(AdditionalDependencies) - ..\..\cpp-xmltooling\$(Platform)\$(Configuration);\Apache\libexec;%(AdditionalLibraryDirectories) + ..\..\cpp-xmltooling\$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) true @@ -224,7 +223,7 @@ - + true true true diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/mod_shib20.vcxproj shibboleth-sp2-2.5.2+dfsg/apache/mod_shib20.vcxproj --- shibboleth-sp2-2.4.3+dfsg/apache/mod_shib20.vcxproj 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/mod_shib20.vcxproj 2013-05-23 16:57:05.000000000 +0000 @@ -61,15 +61,16 @@ + + + <_ProjectFileVersion>10.0.30319.1 - $(SolutionDir)$(Configuration)\ $(ProjectName)-$(Configuration)\ false $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(ProjectName)-$(Configuration)\ false - $(SolutionDir)$(Configuration)\ $(ProjectName)-$(Configuration)\ true $(SolutionDir)$(Platform)\$(Configuration)\ @@ -105,7 +106,7 @@ MaxSpeed OnlyExplicitInline - ..;\Apache2.0.63\Apache2\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + ..;$(Apache20Root)\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions) true true @@ -119,7 +120,7 @@ xerces-c_3.lib;libapr.lib;libaprutil.lib;libhttpd.lib;xmltooling-lite1.lib;%(AdditionalDependencies) - ..\..\cpp-xmltooling\$(Configuration);\Apache2.0.63\Apache2\lib;%(AdditionalLibraryDirectories) + ..\..\cpp-xmltooling\$(Configuration);$(Apache20Root)\lib;%(AdditionalLibraryDirectories) true @@ -138,7 +139,7 @@ MaxSpeed OnlyExplicitInline - ..;\Apache2.0.63\Apache2\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + ..;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions) true true @@ -152,7 +153,7 @@ xerces-c_3.lib;libapr.lib;libaprutil.lib;libhttpd.lib;xmltooling-lite1.lib;%(AdditionalDependencies) - ..\..\cpp-xmltooling\$(Platform)\$(Configuration);\Apache2.0.63\Apache2\lib;%(AdditionalLibraryDirectories) + ..\..\cpp-xmltooling\$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) true @@ -170,7 +171,7 @@ Disabled - ..;\Apache2.0.63\Apache2\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + ..;$(Apache20Root)\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) _WINDOWS;WIN32;_DEBUG;%(PreprocessorDefinitions) MultiThreadedDebugDLL true @@ -185,7 +186,7 @@ xerces-c_3D.lib;libapr.lib;libaprutil.lib;libhttpd.lib;xmltooling-lite1D.lib;%(AdditionalDependencies) - ..\..\cpp-xmltooling\$(Configuration);\Apache2.0.63\Apache2\lib;%(AdditionalLibraryDirectories) + ..\..\cpp-xmltooling\$(Configuration);$(Apache20Root)\lib;%(AdditionalLibraryDirectories) true @@ -203,7 +204,7 @@ Disabled - ..;\Apache2.0.63\Apache2\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + ..;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) _WINDOWS;WIN32;_DEBUG;%(PreprocessorDefinitions) MultiThreadedDebugDLL true @@ -218,7 +219,7 @@ xerces-c_3D.lib;libapr.lib;libaprutil.lib;libhttpd.lib;xmltooling-lite1D.lib;%(AdditionalDependencies) - ..\..\cpp-xmltooling\$(Platform)\$(Configuration);\Apache2.0.63\Apache2\lib;%(AdditionalLibraryDirectories) + ..\..\cpp-xmltooling\$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) true @@ -228,7 +229,7 @@ - + true true true diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/mod_shib22.vcxproj shibboleth-sp2-2.5.2+dfsg/apache/mod_shib22.vcxproj --- shibboleth-sp2-2.4.3+dfsg/apache/mod_shib22.vcxproj 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/mod_shib22.vcxproj 2013-05-23 16:57:05.000000000 +0000 @@ -61,15 +61,16 @@ + + + <_ProjectFileVersion>10.0.30319.1 - $(SolutionDir)$(Configuration)\ $(ProjectName)-$(Configuration)\ false $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(ProjectName)-$(Configuration)\ false - $(SolutionDir)$(Configuration)\ $(ProjectName)-$(Configuration)\ true $(SolutionDir)$(Platform)\$(Configuration)\ @@ -105,7 +106,7 @@ MaxSpeed OnlyExplicitInline - ..;\Apache2.2.14\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + ..;$(Apache22Root)\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) NDEBUG;WIN32;_WINDOWS;%(PreprocessorDefinitions) true true @@ -118,7 +119,7 @@ xerces-c_3.lib;xmltooling-lite1.lib;libapr-1.lib;libaprutil-1.lib;libhttpd.lib;%(AdditionalDependencies) - ..\..\cpp-xmltooling\$(Configuration);\Apache2.2.14\lib;%(AdditionalLibraryDirectories) + ..\..\cpp-xmltooling\$(Configuration);$(Apache22Root)\lib;%(AdditionalLibraryDirectories) true @@ -140,7 +141,7 @@ MaxSpeed OnlyExplicitInline - ..;\httpd-2.2-x64\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + ..;$(Apache22Root64)\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) NDEBUG;WIN32;_WINDOWS;%(PreprocessorDefinitions) true true @@ -153,7 +154,7 @@ xerces-c_3.lib;xmltooling-lite1.lib;libapr-1.lib;libaprutil-1.lib;libhttpd.lib;%(AdditionalDependencies) - ..\..\cpp-xmltooling\$(Platform)\$(Configuration);C:\httpd-2.2-x64\lib;%(AdditionalLibraryDirectories) + ..\..\cpp-xmltooling\$(Platform)\$(Configuration);$(Apache22Root64)\lib;%(AdditionalLibraryDirectories) true @@ -174,7 +175,7 @@ Disabled - ..;\Apache2.2.14\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + ..;$(Apache22Root)\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) _DEBUG;WIN32;_WINDOWS;%(PreprocessorDefinitions) MultiThreadedDebugDLL true @@ -188,7 +189,7 @@ xerces-c_3D.lib;xmltooling-lite1D.lib;libapr-1.lib;libaprutil-1.lib;libhttpd.lib;%(AdditionalDependencies) - ..\..\cpp-xmltooling\$(Configuration);\Apache2.2.14\lib;%(AdditionalLibraryDirectories) + ..\..\cpp-xmltooling\$(Configuration);$(Apache22Root)\lib;%(AdditionalLibraryDirectories) true @@ -209,7 +210,7 @@ Disabled - ..;\httpd-2.2-x64\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + ..;$(Apache22Root64)\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) _DEBUG;WIN32;_WINDOWS;%(PreprocessorDefinitions) MultiThreadedDebugDLL true @@ -223,7 +224,7 @@ xerces-c_3D.lib;xmltooling-lite1D.lib;libapr-1.lib;libaprutil-1.lib;libhttpd.lib;%(AdditionalDependencies) - ..\..\cpp-xmltooling\$(Platform)\$(Configuration);C:\httpd-2.2-x64\lib;%(AdditionalLibraryDirectories) + ..\..\cpp-xmltooling\$(Platform)\$(Configuration);$(Apache22Root64)\lib;%(AdditionalLibraryDirectories) true @@ -236,7 +237,7 @@ - + true true true diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/mod_shib24.vcxproj shibboleth-sp2-2.5.2+dfsg/apache/mod_shib24.vcxproj --- shibboleth-sp2-2.4.3+dfsg/apache/mod_shib24.vcxproj 1970-01-01 00:00:00.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/mod_shib24.vcxproj 2013-05-23 16:57:05.000000000 +0000 @@ -0,0 +1,227 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {B44C0852-83B8-4FB2-A86E-097C9C8256D1} + mod_shib_24 + + + + DynamicLibrary + MultiByte + + + DynamicLibrary + MultiByte + true + + + DynamicLibrary + MultiByte + + + DynamicLibrary + MultiByte + true + + + + + + + + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.30319.1 + $(ProjectName)-$(Configuration)\ + false + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(ProjectName)-$(Configuration)\ + false + $(ProjectName)-$(Configuration)\ + true + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(ProjectName)-$(Configuration)\ + true + AllRules.ruleset + + + AllRules.ruleset + + + AllRules.ruleset + + + AllRules.ruleset + + + .so + .so + .so + .so + + + + MaxSpeed + OnlyExplicitInline + ..;$(Apache24Root)\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + NDEBUG;WIN32;_WINDOWS;%(PreprocessorDefinitions) + true + true + true + Level3 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + xerces-c_3.lib;xmltooling-lite1.lib;libapr-1.lib;libaprutil-1.lib;libhttpd.lib;%(AdditionalDependencies) + ..\..\cpp-xmltooling\$(Configuration);$(Apache24Root)\lib;%(AdditionalLibraryDirectories) + + + true + + + true + + + + + MaxSpeed + OnlyExplicitInline + ..;$(Apache24Root64)\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + NDEBUG;WIN32;_WINDOWS;%(PreprocessorDefinitions) + true + true + true + Level3 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + xerces-c_3.lib;xmltooling-lite1.lib;libapr-1.lib;libaprutil-1.lib;libhttpd.lib;%(AdditionalDependencies) + ..\..\cpp-xmltooling\$(Platform)\$(Configuration);$(Apache24Root64)\lib;%(AdditionalLibraryDirectories) + + + true + + + true + + + + + Disabled + ..;$(Apache24Root)\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + _DEBUG;WIN32;_WINDOWS;%(PreprocessorDefinitions) + MultiThreadedDebugDLL + true + true + Level3 + EditAndContinue + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + xerces-c_3D.lib;xmltooling-lite1D.lib;libapr-1.lib;libaprutil-1.lib;libhttpd.lib;%(AdditionalDependencies) + ..\..\cpp-xmltooling\$(Configuration);$(Apache24Root)\lib;%(AdditionalLibraryDirectories) + true + + + + + true + + + + + Disabled + ..;$(Apache24Root64)\include;..\..\cpp-xmltooling;%(AdditionalIncludeDirectories) + _DEBUG;WIN32;_WINDOWS;%(PreprocessorDefinitions) + MultiThreadedDebugDLL + true + true + Level3 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + xerces-c_3D.lib;xmltooling-lite1D.lib;libapr-1.lib;libaprutil-1.lib;libhttpd.lib;%(AdditionalDependencies) + ..\..\cpp-xmltooling\$(Platform)\$(Configuration);$(Apache24Root64)\lib;%(AdditionalLibraryDirectories) + true + + + + + true + + + + + + + + true + true + true + true + + + + + + + + + + + + {81f0f7a6-dc36-46ef-957f-f9e81d4403f7} + false + + + + + + \ No newline at end of file diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_13.cpp shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_13.cpp --- shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_13.cpp 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_13.cpp 2012-07-23 20:08:22.000000000 +0000 @@ -41,4 +41,4 @@ #define apr_pool_userdata_setn(n,k,d,p) #define apr_pool_cleanup_register(p1,p2,f,d) -#include "mod_apache.cpp" +#include "mod_shib.cpp" diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_13.rc shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_13.rc --- shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_13.rc 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_13.rc 2013-05-19 23:35:08.000000000 +0000 @@ -28,8 +28,8 @@ // VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,4,3,0 - PRODUCTVERSION 2,4,3,0 + FILEVERSION 2,5,2,0 + PRODUCTVERSION 2,5,2,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -45,16 +45,16 @@ BLOCK "040904b0" BEGIN VALUE "Comments", "\0" - VALUE "CompanyName", "UCAID\0" + VALUE "CompanyName", "Shibboleth Consortium\0" VALUE "FileDescription", "Shibboleth Apache 1.3 Module\0" - VALUE "FileVersion", "2, 4, 3, 0\0" + VALUE "FileVersion", "2, 5, 2, 0\0" VALUE "InternalName", "mod_shib_13\0" - VALUE "LegalCopyright", "Copyright © 2011 UCAID\0" + VALUE "LegalCopyright", "Copyright © 2013 UCAID\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "mod_shib_13.so\0" VALUE "PrivateBuild", "\0" - VALUE "ProductName", "Shibboleth 2.4.3\0" - VALUE "ProductVersion", "2, 4, 3, 0\0" + VALUE "ProductName", "Shibboleth 2.5.2\0" + VALUE "ProductVersion", "2, 5, 2, 0\0" VALUE "SpecialBuild", "\0" END END diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_20.cpp shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_20.cpp --- shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_20.cpp 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_20.cpp 2012-07-23 20:08:22.000000000 +0000 @@ -65,4 +65,4 @@ #define ap_reset_timeout(r) #define ap_kill_timeout(r) -#include "mod_apache.cpp" +#include "mod_shib.cpp" diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_20.rc shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_20.rc --- shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_20.rc 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_20.rc 2013-05-19 23:35:08.000000000 +0000 @@ -28,8 +28,8 @@ // VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,4,3,0 - PRODUCTVERSION 2,4,3,0 + FILEVERSION 2,5,2,0 + PRODUCTVERSION 2,5,2,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -45,16 +45,16 @@ BLOCK "040904b0" BEGIN VALUE "Comments", "\0" - VALUE "CompanyName", "UCAID\0" + VALUE "CompanyName", "Shibboleth Consortium\0" VALUE "FileDescription", "Shibboleth Apache 2.0 Module\0" - VALUE "FileVersion", "2, 4, 3, 0\0" + VALUE "FileVersion", "2, 5, 2, 0\0" VALUE "InternalName", "mod_shib_20\0" - VALUE "LegalCopyright", "Copyright © 2011 UCAID\0" + VALUE "LegalCopyright", "Copyright © 2013 UCAID\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "mod_shib_20.so\0" VALUE "PrivateBuild", "\0" - VALUE "ProductName", "Shibboleth 2.4.3\0" - VALUE "ProductVersion", "2, 4, 3, 0\0" + VALUE "ProductName", "Shibboleth 2.5.2\0" + VALUE "ProductVersion", "2, 5, 2, 0\0" VALUE "SpecialBuild", "\0" END END diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_22.cpp shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_22.cpp --- shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_22.cpp 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_22.cpp 2012-07-24 22:03:21.000000000 +0000 @@ -67,4 +67,4 @@ #define ap_http_method ap_http_scheme -#include "mod_apache.cpp" +#include "mod_shib.cpp" diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_22.rc shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_22.rc --- shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_22.rc 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_22.rc 2013-05-19 23:35:08.000000000 +0000 @@ -28,8 +28,8 @@ // VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,4,3,0 - PRODUCTVERSION 2,4,3,0 + FILEVERSION 2,5,2,0 + PRODUCTVERSION 2,5,2,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -45,16 +45,16 @@ BLOCK "040904b0" BEGIN VALUE "Comments", "\0" - VALUE "CompanyName", "UCAID\0" + VALUE "CompanyName", "Shibboleth Consortium\0" VALUE "FileDescription", "Shibboleth Apache 2.2 Module\0" - VALUE "FileVersion", "2, 4, 3, 0\0" + VALUE "FileVersion", "2, 5, 2, 0\0" VALUE "InternalName", "mod_shib_22\0" - VALUE "LegalCopyright", "Copyright © 2011 UCAID\0" + VALUE "LegalCopyright", "Copyright © 2013 UCAID\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "mod_shib_22.so\0" VALUE "PrivateBuild", "\0" - VALUE "ProductName", "Shibboleth 2.4.3\0" - VALUE "ProductVersion", "2, 4, 3, 0\0" + VALUE "ProductName", "Shibboleth 2.5.2\0" + VALUE "ProductVersion", "2, 5, 2, 0\0" VALUE "SpecialBuild", "\0" END END diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_24.cpp shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_24.cpp --- shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_24.cpp 1970-01-01 00:00:00.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_24.cpp 2012-07-23 20:08:22.000000000 +0000 @@ -0,0 +1,70 @@ +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. + * + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. + */ + +/* mod_shib_24.cpp -- a wrapper around the apache module code to + * build for Apache 2.4 + * + * Created by: Scott Cantor + * + */ + +#define SHIB_APACHE_24 1 + +#define MODULE_VAR_EXPORT AP_MODULE_DECLARE_DATA +#define SH_AP_POOL apr_pool_t +#define SH_AP_TABLE apr_table_t +#define SH_AP_CONFIGFILE ap_configfile_t +#define array_header apr_array_header_t + +#define SH_AP_R(r) 0,r +#define SH_AP_USER(r) r->user +#define SH_AP_AUTH_TYPE(r) r->ap_auth_type + +#define SERVER_ERROR HTTP_INTERNAL_SERVER_ERROR +#define REDIRECT HTTP_MOVED_TEMPORARILY +#define ap_pcalloc apr_pcalloc +#define ap_pstrdup apr_pstrdup +#define ap_pstrcat apr_pstrcat +#define ap_psprintf apr_psprintf +#define ap_table_get apr_table_get +#define ap_table_add apr_table_add +#define ap_table_addn apr_table_addn +#define ap_table_setn apr_table_setn +#define ap_table_unset apr_table_unset +#define ap_table_set apr_table_set +#define ap_table_do apr_table_do +#define ap_copy_table apr_table_copy +#define ap_overlay_tables apr_table_overlay +#define ap_overlap_tables apr_table_overlap +#define ap_table_elts apr_table_elts +#define ap_is_empty_table apr_is_empty_table +#define ap_clear_pool apr_pool_clear +#define ap_destroy_pool apr_pool_destroy +#define ap_make_table apr_table_make +#define AP_OVERLAP_TABLES_SET APR_OVERLAP_TABLES_SET + +#define ap_send_http_header(r) +#define ap_hard_timeout(str,r) +#define ap_reset_timeout(r) +#define ap_kill_timeout(r) + +#define ap_http_method ap_http_scheme + +#include "mod_shib.cpp" diff -Nru shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_24.rc shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_24.rc --- shibboleth-sp2-2.4.3+dfsg/apache/mod_shib_24.rc 1970-01-01 00:00:00.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/apache/mod_shib_24.rc 2013-05-19 23:35:08.000000000 +0000 @@ -0,0 +1,109 @@ +//Microsoft Developer Studio generated resource script. +// +#include "resource.h" + +#define APSTUDIO_READONLY_SYMBOLS +///////////////////////////////////////////////////////////////////////////// +// +// Generated from the TEXTINCLUDE 2 resource. +// +#include "afxres.h" + +///////////////////////////////////////////////////////////////////////////// +#undef APSTUDIO_READONLY_SYMBOLS + +///////////////////////////////////////////////////////////////////////////// +// English (U.S.) resources + +#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) +#ifdef _WIN32 +LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US +#pragma code_page(1252) +#endif //_WIN32 + +#ifndef _MAC +///////////////////////////////////////////////////////////////////////////// +// +// Version +// + +VS_VERSION_INFO VERSIONINFO + FILEVERSION 2,5,2,0 + PRODUCTVERSION 2,5,2,0 + FILEFLAGSMASK 0x3fL +#ifdef _DEBUG + FILEFLAGS 0x1L +#else + FILEFLAGS 0x0L +#endif + FILEOS 0x40004L + FILETYPE 0x2L + FILESUBTYPE 0x0L +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904b0" + BEGIN + VALUE "Comments", "\0" + VALUE "CompanyName", "Shibboleth Consortium\0" + VALUE "FileDescription", "Shibboleth Apache 2.4 Module\0" + VALUE "FileVersion", "2, 5, 2, 0\0" + VALUE "InternalName", "mod_shib_24\0" + VALUE "LegalCopyright", "Copyright © 2013 UCAID\0" + VALUE "LegalTrademarks", "\0" + VALUE "OriginalFilename", "mod_shib_24.so\0" + VALUE "PrivateBuild", "\0" + VALUE "ProductName", "Shibboleth 2.5.2\0" + VALUE "ProductVersion", "2, 5, 2, 0\0" + VALUE "SpecialBuild", "\0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 1200 + END +END + +#endif // !_MAC + + +#ifdef APSTUDIO_INVOKED +///////////////////////////////////////////////////////////////////////////// +// +// TEXTINCLUDE +// + +1 TEXTINCLUDE DISCARDABLE +BEGIN + "resource.h\0" +END + +2 TEXTINCLUDE DISCARDABLE +BEGIN + "#include ""afxres.h""\r\n" + "\0" +END + +3 TEXTINCLUDE DISCARDABLE +BEGIN + "\r\n" + "\0" +END + +#endif // APSTUDIO_INVOKED + +#endif // English (U.S.) resources +///////////////////////////////////////////////////////////////////////////// + + + +#ifndef APSTUDIO_INVOKED +///////////////////////////////////////////////////////////////////////////// +// +// Generated from the TEXTINCLUDE 3 resource. +// + + +///////////////////////////////////////////////////////////////////////////// +#endif // not APSTUDIO_INVOKED + diff -Nru shibboleth-sp2-2.4.3+dfsg/build-aux/depcomp shibboleth-sp2-2.5.2+dfsg/build-aux/depcomp --- shibboleth-sp2-2.4.3+dfsg/build-aux/depcomp 2011-06-28 01:29:29.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/build-aux/depcomp 2013-06-16 22:06:21.000000000 +0000 @@ -1,10 +1,9 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2009-04-28.21; # UTC +scriptversion=2012-07-12.20; # UTC -# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free -# Software Foundation, Inc. +# Copyright (C) 1999-2012 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -28,7 +27,7 @@ case $1 in '') - echo "$0: No command. Try \`$0 --help' for more information." 1>&2 + echo "$0: No command. Try '$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) @@ -40,11 +39,11 @@ Environment variables: depmode Dependency tracking mode. - source Source file read by `PROGRAMS ARGS'. - object Object file output by `PROGRAMS ARGS'. + source Source file read by 'PROGRAMS ARGS'. + object Object file output by 'PROGRAMS ARGS'. DEPDIR directory where to store dependencies. depfile Dependency file to output. - tmpdepfile Temporary file to use when outputing dependencies. + tmpdepfile Temporary file to use when outputting dependencies. libtool Whether libtool is used (yes/no). Report bugs to . @@ -57,6 +56,12 @@ ;; esac +# A tabulation character. +tab=' ' +# A newline character. +nl=' +' + if test -z "$depmode" || test -z "$source" || test -z "$object"; then echo "depcomp: Variables source, object and depmode must be set" 1>&2 exit 1 @@ -69,6 +74,9 @@ rm -f "$tmpdepfile" +# Avoid interferences from the environment. +gccflag= dashmflag= + # Some modes work just like other modes, but use different flags. We # parameterize here, but still list the modes in the big case below, # to make depend.m4 easier to write. Note that we *cannot* use a case @@ -90,10 +98,24 @@ # This is just like msvisualcpp but w/o cygpath translation. # Just convert the backslash-escaped backslashes to single forward # slashes to satisfy depend.m4 - cygpath_u="sed s,\\\\\\\\,/,g" + cygpath_u='sed s,\\\\,/,g' depmode=msvisualcpp fi +if test "$depmode" = msvc7msys; then + # This is just like msvc7 but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvc7 +fi + +if test "$depmode" = xlc; then + # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information. + gccflag=-qmakedep=gcc,-MF + depmode=gcc +fi + case "$depmode" in gcc3) ## gcc 3 implements dependency tracking that does exactly what @@ -123,13 +145,17 @@ ;; gcc) +## Note that this doesn't just cater to obsosete pre-3.x GCC compilers. +## but also to in-use compilers like IMB xlc/xlC and the HP C compiler. +## (see the conditional assignment to $gccflag above). ## There are various ways to get dependency output from gcc. Here's ## why we pick this rather obscure method: ## - Don't want to use -MD because we'd like the dependencies to end ## up in a subdir. Having to rename by hand is ugly. ## (We might end up doing this anyway to support other compilers.) ## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like -## -MM, not -M (despite what the docs say). +## -MM, not -M (despite what the docs say). Also, it might not be +## supported by the other compilers which use the 'gcc' depmode. ## - Using -M directly means running the compiler twice (even worse ## than renaming). if test -z "$gccflag"; then @@ -148,20 +174,21 @@ ## The second -e expression handles DOS-style file names with drive letters. sed -e 's/^[^:]*: / /' \ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" -## This next piece of magic avoids the `deleted header file' problem. +## This next piece of magic avoids the "deleted header file" problem. ## The problem is that when a header file which appears in a .P file ## is deleted, the dependency causes make to die (because there is ## typically no way to rebuild the header). We avoid this by adding ## dummy dependencies for each header file. Too bad gcc doesn't do ## this for us directly. - tr ' ' ' -' < "$tmpdepfile" | -## Some versions of gcc put a space before the `:'. On the theory + tr ' ' "$nl" < "$tmpdepfile" | +## Some versions of gcc put a space before the ':'. On the theory ## that the space means something, we add a space to the output as -## well. +## well. hp depmode also adds that space, but also prefixes the VPATH +## to the object. Take care to not repeat it in the output. ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. - sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; @@ -193,18 +220,15 @@ # clever and replace this with sed code, as IRIX sed won't handle # lines with more than a fixed number of characters (4096 in # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; - # the IRIX cc adds comments like `#:fec' to the end of the + # the IRIX cc adds comments like '#:fec' to the end of the # dependency line. - tr ' ' ' -' < "$tmpdepfile" \ + tr ' ' "$nl" < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ - tr ' -' ' ' >> "$depfile" + tr "$nl" ' ' >> "$depfile" echo >> "$depfile" # The second pass generates a dummy entry for each header file. - tr ' ' ' -' < "$tmpdepfile" \ + tr ' ' "$nl" < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ >> "$depfile" else @@ -216,10 +240,17 @@ rm -f "$tmpdepfile" ;; +xlc) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + aix) # The C for AIX Compiler uses -M and outputs the dependencies # in a .u file. In older versions, this file always lives in the - # current directory. Also, the AIX compiler puts `$object:' at the + # current directory. Also, the AIX compiler puts '$object:' at the # start of each line; $object doesn't have directory information. # Version 6 uses the directory in both cases. dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` @@ -249,12 +280,11 @@ test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then - # Each line is of the form `foo.o: dependent.h'. + # Each line is of the form 'foo.o: dependent.h'. # Do two passes, one to just change these to - # `$object: dependent.h' and one to simply `dependent.h:'. + # '$object: dependent.h' and one to simply 'dependent.h:'. sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" - # That's a tab and a space in the []. - sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" + sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" else # The sourcefile does not contain any dependencies, so just # store a dummy comment line, to avoid errors with the Makefile @@ -265,23 +295,26 @@ ;; icc) - # Intel's C compiler understands `-MD -MF file'. However on - # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c + # Intel's C compiler anf tcc (Tiny C Compiler) understand '-MD -MF file'. + # However on + # $CC -MD -MF foo.d -c -o sub/foo.o sub/foo.c # ICC 7.0 will fill foo.d with something like # foo.o: sub/foo.c # foo.o: sub/foo.h - # which is wrong. We want: + # which is wrong. We want # sub/foo.o: sub/foo.c # sub/foo.o: sub/foo.h # sub/foo.c: # sub/foo.h: # ICC 7.1 will output # foo.o: sub/foo.c sub/foo.h - # and will wrap long lines using \ : + # and will wrap long lines using '\': # foo.o: sub/foo.c ... \ # sub/foo.h ... \ # ... - + # tcc 0.9.26 (FIXME still under development at the moment of writing) + # will emit a similar output, but also prepend the continuation lines + # with horizontal tabulation characters. "$@" -MD -MF "$tmpdepfile" stat=$? if test $stat -eq 0; then : @@ -290,6 +323,85 @@ exit $stat fi rm -f "$depfile" + # Each line is of the form 'foo.o: dependent.h', + # or 'foo.o: dep1.h dep2.h \', or ' dep3.h dep4.h \'. + # Do two passes, one to just change these to + # '$object: dependent.h' and one to simply 'dependent.h:'. + sed -e "s/^[ $tab][ $tab]*/ /" -e "s,^[^:]*:,$object :," \ + < "$tmpdepfile" > "$depfile" + sed ' + s/[ '"$tab"'][ '"$tab"']*/ /g + s/^ *// + s/ *\\*$// + s/^[^:]*: *// + /^$/d + /:$/d + s/$/ :/ + ' < "$tmpdepfile" >> "$depfile" + rm -f "$tmpdepfile" + ;; + +## The order of this option in the case statement is important, since the +## shell code in configure will try each of these formats in the order +## listed in this file. A plain '-MD' option would be understood by many +## compilers, so we must ensure this comes after the gcc and icc options. +pgcc) + # Portland's C compiler understands '-MD'. + # Will always output deps to 'file.d' where file is the root name of the + # source file under compilation, even if file resides in a subdirectory. + # The object file name does not affect the name of the '.d' file. + # pgcc 10.2 will output + # foo.o: sub/foo.c sub/foo.h + # and will wrap long lines using '\' : + # foo.o: sub/foo.c ... \ + # sub/foo.h ... \ + # ... + dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` + test "x$dir" = "x$object" && dir= + # Use the source, not the object, to determine the base name, since + # that's sadly what pgcc will do too. + base=`echo "$source" | sed -e 's|^.*/||' -e 's/\.[-_a-zA-Z0-9]*$//'` + tmpdepfile="$base.d" + + # For projects that build the same source file twice into different object + # files, the pgcc approach of using the *source* file root name can cause + # problems in parallel builds. Use a locking strategy to avoid stomping on + # the same $tmpdepfile. + lockdir="$base.d-lock" + trap "echo '$0: caught signal, cleaning up...' >&2; rm -rf $lockdir" 1 2 13 15 + numtries=100 + i=$numtries + while test $i -gt 0 ; do + # mkdir is a portable test-and-set. + if mkdir $lockdir 2>/dev/null; then + # This process acquired the lock. + "$@" -MD + stat=$? + # Release the lock. + rm -rf $lockdir + break + else + ## the lock is being held by a different process, + ## wait until the winning process is done or we timeout + while test -d $lockdir && test $i -gt 0; do + sleep 1 + i=`expr $i - 1` + done + fi + i=`expr $i - 1` + done + trap - 1 2 13 15 + if test $i -le 0; then + echo "$0: failed to acquire lock after $numtries attempts" >&2 + echo "$0: check lockdir '$lockdir'" >&2 + exit 1 + fi + + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" # Each line is of the form `foo.o: dependent.h', # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. # Do two passes, one to just change these to @@ -334,7 +446,7 @@ done if test -f "$tmpdepfile"; then sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile" - # Add `dependent.h:' lines. + # Add 'dependent.h:' lines. sed -ne '2,${ s/^ *// s/ \\*$// @@ -349,9 +461,9 @@ tru64) # The Tru64 compiler uses -MD to generate dependencies as a side - # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'. + # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'. # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put - # dependencies in `foo.d' instead, so we check for that too. + # dependencies in 'foo.d' instead, so we check for that too. # Subdirectories are respected. dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` test "x$dir" = "x$object" && dir= @@ -397,14 +509,59 @@ done if test -f "$tmpdepfile"; then sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" - # That's a tab and a space in the []. - sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" + sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" else echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; +msvc7) + if test "$libtool" = yes; then + showIncludes=-Wc,-showIncludes + else + showIncludes=-showIncludes + fi + "$@" $showIncludes > "$tmpdepfile" + stat=$? + grep -v '^Note: including file: ' "$tmpdepfile" + if test "$stat" = 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The first sed program below extracts the file names and escapes + # backslashes for cygpath. The second sed program outputs the file + # name when reading, but also accumulates all include files in the + # hold buffer in order to output them again at the end. This only + # works with sed implementations that can handle large buffers. + sed < "$tmpdepfile" -n ' +/^Note: including file: *\(.*\)/ { + s//\1/ + s/\\/\\\\/g + p +}' | $cygpath_u | sort -u | sed -n ' +s/ /\\ /g +s/\(.*\)/'"$tab"'\1 \\/p +s/.\(.*\) \\/\1:/ +H +$ { + s/.*/'"$tab"'/ + G + p +}' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvc7msys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + #nosideeffect) # This comment above is used by automake to tell side-effect # dependency tracking mechanisms from slower ones. @@ -422,7 +579,7 @@ shift fi - # Remove `-o $object'. + # Remove '-o $object'. IFS=" " for arg do @@ -442,15 +599,14 @@ done test -z "$dashmflag" && dashmflag=-M - # Require at least two characters before searching for `:' + # Require at least two characters before searching for ':' # in the target name. This is to cope with DOS-style filenames: - # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise. + # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise. "$@" $dashmflag | - sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile" + sed 's:^['"$tab"' ]*[^:'"$tab"' ][^:][^:]*\:['"$tab"' ]*:'"$object"'\: :' > "$tmpdepfile" rm -f "$depfile" cat < "$tmpdepfile" > "$depfile" - tr ' ' ' -' < "$tmpdepfile" | \ + tr ' ' "$nl" < "$tmpdepfile" | \ ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" @@ -503,9 +659,10 @@ touch "$tmpdepfile" ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" rm -f "$depfile" - cat < "$tmpdepfile" > "$depfile" - sed '1,2d' "$tmpdepfile" | tr ' ' ' -' | \ + # makedepend may prepend the VPATH from the source file name to the object. + # No need to regex-escape $object, excess matching of '.' is harmless. + sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile" + sed '1,2d' "$tmpdepfile" | tr ' ' "$nl" | \ ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" @@ -525,7 +682,7 @@ shift fi - # Remove `-o $object'. + # Remove '-o $object'. IFS=" " for arg do @@ -594,8 +751,8 @@ sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" - sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile" - echo " " >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile" + echo "$tab" >> "$depfile" sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" rm -f "$tmpdepfile" ;; diff -Nru shibboleth-sp2-2.4.3+dfsg/build-aux/install-sh shibboleth-sp2-2.5.2+dfsg/build-aux/install-sh --- shibboleth-sp2-2.4.3+dfsg/build-aux/install-sh 2011-06-28 01:29:27.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/build-aux/install-sh 2013-06-16 22:06:20.000000000 +0000 @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2009-04-28.21; # UTC +scriptversion=2011-11-20.07; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -35,7 +35,7 @@ # FSF changes to this file are in the public domain. # # Calling this script install-sh is preferred over install.sh, to prevent -# `make' implicit rules from creating a file called install from it +# 'make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written @@ -156,6 +156,10 @@ -s) stripcmd=$stripprog;; -t) dst_arg=$2 + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac shift;; -T) no_target_directory=true;; @@ -186,6 +190,10 @@ fi shift # arg dst_arg=$arg + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac done fi @@ -194,13 +202,17 @@ echo "$0: no input file specified." >&2 exit 1 fi - # It's OK to call `install-sh -d' without argument. + # It's OK to call 'install-sh -d' without argument. # This can happen when creating conditional directories. exit 0 fi if test -z "$dir_arg"; then - trap '(exit $?); exit' 1 2 13 15 + do_exit='(exit $ret); exit $ret' + trap "ret=129; $do_exit" 1 + trap "ret=130; $do_exit" 2 + trap "ret=141; $do_exit" 13 + trap "ret=143; $do_exit" 15 # Set umask so as not to create temps with too-generous modes. # However, 'strip' requires both read and write access to temps. @@ -228,9 +240,9 @@ for src do - # Protect names starting with `-'. + # Protect names problematic for 'test' and other utilities. case $src in - -*) src=./$src;; + -* | [=\(\)!]) src=./$src;; esac if test -n "$dir_arg"; then @@ -252,12 +264,7 @@ echo "$0: no destination specified." >&2 exit 1 fi - dst=$dst_arg - # Protect names starting with `-'. - case $dst in - -*) dst=./$dst;; - esac # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. @@ -347,7 +354,7 @@ if test -z "$dir_arg" || { # Check for POSIX incompatibilities with -m. # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or - # other-writeable bit of parent directory when it shouldn't. + # other-writable bit of parent directory when it shouldn't. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. ls_ld_tmpdir=`ls -ld "$tmpdir"` case $ls_ld_tmpdir in @@ -385,7 +392,7 @@ case $dstdir in /*) prefix='/';; - -*) prefix='./';; + [-=\(\)!]*) prefix='./';; *) prefix='';; esac @@ -403,7 +410,7 @@ for d do - test -z "$d" && continue + test X"$d" = X && continue prefix=$prefix$d if test -d "$prefix"; then diff -Nru shibboleth-sp2-2.4.3+dfsg/build-aux/ltmain.sh shibboleth-sp2-2.5.2+dfsg/build-aux/ltmain.sh --- shibboleth-sp2-2.4.3+dfsg/build-aux/ltmain.sh 2011-06-28 01:29:17.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/build-aux/ltmain.sh 2013-06-16 22:06:14.000000000 +0000 @@ -1,9 +1,9 @@ -# libtool (GNU libtool) 2.4 +# libtool (GNU libtool) 2.4.2 # Written by Gordon Matzigkeit , 1996 # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, -# 2007, 2008, 2009, 2010 Free Software Foundation, Inc. +# 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -41,6 +41,7 @@ # --quiet, --silent don't print informational messages # --no-quiet, --no-silent # print informational messages (default) +# --no-warn don't display warning messages # --tag=TAG use configuration variables from tag TAG # -v, --verbose print more informational messages than default # --no-verbose don't print the extra informational messages @@ -69,7 +70,7 @@ # compiler: $LTCC # compiler flags: $LTCFLAGS # linker: $LD (gnu? $with_gnu_ld) -# $progname: (GNU libtool) 2.4 +# $progname: (GNU libtool) 2.4.2 # automake: $automake_version # autoconf: $autoconf_version # @@ -79,9 +80,9 @@ PROGRAM=libtool PACKAGE=libtool -VERSION=2.4 +VERSION=2.4.2 TIMESTAMP="" -package_revision=1.3293 +package_revision=1.3337 # Be Bourne compatible if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then @@ -136,15 +137,10 @@ : ${CP="cp -f"} test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'} -: ${EGREP="grep -E"} -: ${FGREP="grep -F"} -: ${GREP="grep"} -: ${LN_S="ln -s"} : ${MAKE="make"} : ${MKDIR="mkdir"} : ${MV="mv -f"} : ${RM="rm -f"} -: ${SED="sed"} : ${SHELL="${CONFIG_SHELL-/bin/sh}"} : ${Xsed="$SED -e 1s/^X//"} @@ -387,7 +383,7 @@ ;; *) save_IFS="$IFS" - IFS=: + IFS=${PATH_SEPARATOR-:} for progdir in $PATH; do IFS="$save_IFS" test -x "$progdir/$progname" && break @@ -771,8 +767,8 @@ s*\$LTCFLAGS*'"$LTCFLAGS"'* s*\$LD*'"$LD"'* s/\$with_gnu_ld/'"$with_gnu_ld"'/ - s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/ - s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/ + s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/ + s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/ p d } @@ -1052,6 +1048,7 @@ opt_help=false opt_help_all=false opt_silent=: +opt_warning=: opt_verbose=: opt_silent=false opt_verbose=false @@ -1120,6 +1117,10 @@ opt_silent=false func_append preserve_args " $opt" ;; + --no-warning|--no-warn) + opt_warning=false +func_append preserve_args " $opt" + ;; --no-verbose) opt_verbose=false func_append preserve_args " $opt" @@ -2089,7 +2090,7 @@ *.[cCFSifmso] | \ *.ada | *.adb | *.ads | *.asm | \ *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ - *.[fF][09]? | *.for | *.java | *.obj | *.sx | *.cu | *.cup) + *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup) func_xform "$libobj" libobj=$func_xform_result ;; @@ -3231,11 +3232,13 @@ # Set up the ranlib parameters. oldlib="$destdir/$name" + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result func_show_eval "$install_prog \$file \$oldlib" 'exit $?' if test -n "$stripme" && test -n "$old_striplib"; then - func_show_eval "$old_striplib $oldlib" 'exit $?' + func_show_eval "$old_striplib $tool_oldlib" 'exit $?' fi # Do each command in the postinstall commands. @@ -3500,7 +3503,7 @@ # linked before any other PIC object. But we must not use # pic_flag when linking with -static. The problem exists in # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. - *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) + *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; *-*-hpux*) pic_flag_for_symtable=" $pic_flag" ;; @@ -4015,14 +4018,17 @@ # launches target application with the remaining arguments. func_exec_program () { - for lt_wr_arg - do - case \$lt_wr_arg in - --lt-*) ;; - *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; - esac - shift - done + case \" \$* \" in + *\\ --lt-*) + for lt_wr_arg + do + case \$lt_wr_arg in + --lt-*) ;; + *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; + esac + shift + done ;; + esac func_exec_program_core \${1+\"\$@\"} } @@ -5090,9 +5096,15 @@ { EOF func_emit_wrapper yes | - $SED -e 's/\([\\"]\)/\\\1/g' \ - -e 's/^/ fputs ("/' -e 's/$/\\n", f);/' - + $SED -n -e ' +s/^\(.\{79\}\)\(..*\)/\1\ +\2/ +h +s/\([\\"]\)/\\\1/g +s/$/\\n/ +s/\([^\n]*\).*/ fputs ("\1", f);/p +g +D' cat <<"EOF" } EOF @@ -5677,7 +5689,8 @@ continue ;; - -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) func_append compiler_flags " $arg" func_append compile_command " $arg" func_append finalize_command " $arg" @@ -6181,7 +6194,8 @@ lib= found=no case $deplib in - -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" @@ -6882,7 +6896,7 @@ test "$hardcode_direct_absolute" = no; then add="$dir/$linklib" elif test "$hardcode_minus_L" = yes; then - add_dir="-L$dir" + add_dir="-L$absdir" # Try looking first in the location we're being installed to. if test -n "$inst_prefix_dir"; then case $libdir in @@ -7367,6 +7381,7 @@ # which has an extra 1 added just for fun # case $version_type in + # correct linux to gnu/linux during the next big refactor darwin|linux|osf|windows|none) func_arith $number_major + $number_minor current=$func_arith_result @@ -7483,7 +7498,7 @@ versuffix="$major.$revision" ;; - linux) + linux) # correct to gnu/linux during the next big refactor func_arith $current - $age major=.$func_arith_result versuffix="$major.$age.$revision" @@ -8071,6 +8086,11 @@ # Test again, we may have decided not to build it any more if test "$build_libtool_libs" = yes; then + # Remove ${wl} instances when linking with ld. + # FIXME: should test the right _cmds variable. + case $archive_cmds in + *\$LD\ *) wl= ;; + esac if test "$hardcode_into_libs" = yes; then # Hardcode the library paths hardcode_libdirs= @@ -8101,7 +8121,7 @@ elif test -n "$runpath_var"; then case "$perm_rpath " in *" $libdir "*) ;; - *) func_apped perm_rpath " $libdir" ;; + *) func_append perm_rpath " $libdir" ;; esac fi done @@ -8109,11 +8129,7 @@ if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" - if test -n "$hardcode_libdir_flag_spec_ld"; then - eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\" - else - eval dep_rpath=\"$hardcode_libdir_flag_spec\" - fi + eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" fi if test -n "$runpath_var" && test -n "$perm_rpath"; then # We should set the runpath_var. @@ -9203,6 +9219,8 @@ esac done fi + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result eval cmds=\"$old_archive_cmds\" func_len " $cmds" @@ -9312,7 +9330,8 @@ *.la) func_basename "$deplib" name="$func_basename_result" - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + func_resolve_sysroot "$deplib" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` test -z "$libdir" && \ func_fatal_error "\`$deplib' is not a valid libtool archive" func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" diff -Nru shibboleth-sp2-2.4.3+dfsg/build-aux/missing shibboleth-sp2-2.5.2+dfsg/build-aux/missing --- shibboleth-sp2-2.4.3+dfsg/build-aux/missing 2011-06-28 01:29:27.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/build-aux/missing 2013-06-16 22:06:20.000000000 +0000 @@ -1,10 +1,9 @@ #! /bin/sh # Common stub for a few missing GNU programs while installing. -scriptversion=2009-04-28.21; # UTC +scriptversion=2012-01-06.18; # UTC -# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006, -# 2008, 2009 Free Software Foundation, Inc. +# Copyright (C) 1996-2012 Free Software Foundation, Inc. # Originally by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify @@ -26,7 +25,7 @@ # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "Try '$0 --help' for more information" exit 1 fi @@ -34,7 +33,7 @@ sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p' sed_minuso='s/.* -o \([^ ]*\).*/\1/p' -# In the cases where this matters, `missing' is being run in the +# In the cases where this matters, 'missing' is being run in the # srcdir already. if test -f configure.ac; then configure_ac=configure.ac @@ -65,7 +64,7 @@ echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... -Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an +Handle 'PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an error status if there is no known handling for PROGRAM. Options: @@ -74,21 +73,20 @@ --run try to run the given command, and emulate it if it fails Supported PROGRAM values: - aclocal touch file \`aclocal.m4' - autoconf touch file \`configure' - autoheader touch file \`config.h.in' + aclocal touch file 'aclocal.m4' + autoconf touch file 'configure' + autoheader touch file 'config.h.in' autom4te touch the output file, or create a stub one - automake touch all \`Makefile.in' files - bison create \`y.tab.[ch]', if possible, from existing .[ch] - flex create \`lex.yy.c', if possible, from existing .c + automake touch all 'Makefile.in' files + bison create 'y.tab.[ch]', if possible, from existing .[ch] + flex create 'lex.yy.c', if possible, from existing .c help2man touch the output file - lex create \`lex.yy.c', if possible, from existing .c + lex create 'lex.yy.c', if possible, from existing .c makeinfo touch the output file - tar try tar, gnutar, gtar, then tar without non-portable flags - yacc create \`y.tab.[ch]', if possible, from existing .[ch] + yacc create 'y.tab.[ch]', if possible, from existing .[ch] -Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and -\`g' are ignored when checking the name. +Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and +'g' are ignored when checking the name. Send bug reports to ." exit $? @@ -100,8 +98,8 @@ ;; -*) - echo 1>&2 "$0: Unknown \`$1' option" - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "$0: Unknown '$1' option" + echo 1>&2 "Try '$0 --help' for more information" exit 1 ;; @@ -122,22 +120,13 @@ # Not GNU programs, they don't have --version. ;; - tar*) - if test -n "$run"; then - echo 1>&2 "ERROR: \`tar' requires --run" - exit 1 - elif test "x$2" = "x--version" || test "x$2" = "x--help"; then - exit 1 - fi - ;; - *) if test -z "$run" && ($1 --version) > /dev/null 2>&1; then # We have it, but it failed. exit 1 elif test "x$2" = "x--version" || test "x$2" = "x--help"; then # Could not run --version or --help. This is probably someone - # running `$TOOL --version' or `$TOOL --help' to check whether + # running '$TOOL --version' or '$TOOL --help' to check whether # $TOOL exists and not knowing $TOOL uses missing. exit 1 fi @@ -149,27 +138,27 @@ case $program in aclocal*) echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`acinclude.m4' or \`${configure_ac}'. You might want - to install the \`Automake' and \`Perl' packages. Grab them from +WARNING: '$1' is $msg. You should only need it if + you modified 'acinclude.m4' or '${configure_ac}'. You might want + to install the Automake and Perl packages. Grab them from any GNU archive site." touch aclocal.m4 ;; autoconf*) echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`${configure_ac}'. You might want to install the - \`Autoconf' and \`GNU m4' packages. Grab them from any GNU +WARNING: '$1' is $msg. You should only need it if + you modified '${configure_ac}'. You might want to install the + Autoconf and GNU m4 packages. Grab them from any GNU archive site." touch configure ;; autoheader*) echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`acconfig.h' or \`${configure_ac}'. You might want - to install the \`Autoconf' and \`GNU m4' packages. Grab them +WARNING: '$1' is $msg. You should only need it if + you modified 'acconfig.h' or '${configure_ac}'. You might want + to install the Autoconf and GNU m4 packages. Grab them from any GNU archive site." files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` test -z "$files" && files="config.h" @@ -186,9 +175,9 @@ automake*) echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. - You might want to install the \`Automake' and \`Perl' packages. +WARNING: '$1' is $msg. You should only need it if + you modified 'Makefile.am', 'acinclude.m4' or '${configure_ac}'. + You might want to install the Automake and Perl packages. Grab them from any GNU archive site." find . -type f -name Makefile.am -print | sed 's/\.am$/.in/' | @@ -197,10 +186,10 @@ autom4te*) echo 1>&2 "\ -WARNING: \`$1' is needed, but is $msg. +WARNING: '$1' is needed, but is $msg. You might have modified some files without having the proper tools for further handling them. - You can get \`$1' as part of \`Autoconf' from any GNU + You can get '$1' as part of Autoconf from any GNU archive site." file=`echo "$*" | sed -n "$sed_output"` @@ -220,13 +209,13 @@ bison*|yacc*) echo 1>&2 "\ -WARNING: \`$1' $msg. You should only need it if - you modified a \`.y' file. You may need the \`Bison' package +WARNING: '$1' $msg. You should only need it if + you modified a '.y' file. You may need the Bison package in order for those modifications to take effect. You can get - \`Bison' from any GNU archive site." + Bison from any GNU archive site." rm -f y.tab.c y.tab.h if test $# -ne 1; then - eval LASTARG="\${$#}" + eval LASTARG=\${$#} case $LASTARG in *.y) SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` @@ -250,13 +239,13 @@ lex*|flex*) echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a \`.l' file. You may need the \`Flex' package +WARNING: '$1' is $msg. You should only need it if + you modified a '.l' file. You may need the Flex package in order for those modifications to take effect. You can get - \`Flex' from any GNU archive site." + Flex from any GNU archive site." rm -f lex.yy.c if test $# -ne 1; then - eval LASTARG="\${$#}" + eval LASTARG=\${$#} case $LASTARG in *.l) SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` @@ -273,10 +262,10 @@ help2man*) echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if +WARNING: '$1' is $msg. You should only need it if you modified a dependency of a manual page. You may need the - \`Help2man' package in order for those modifications to take - effect. You can get \`Help2man' from any GNU archive site." + Help2man package in order for those modifications to take + effect. You can get Help2man from any GNU archive site." file=`echo "$*" | sed -n "$sed_output"` test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` @@ -291,12 +280,12 @@ makeinfo*) echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a \`.texi' or \`.texinfo' file, or any other file +WARNING: '$1' is $msg. You should only need it if + you modified a '.texi' or '.texinfo' file, or any other file indirectly affecting the aspect of the manual. The spurious - call might also be the consequence of using a buggy \`make' (AIX, - DU, IRIX). You might want to install the \`Texinfo' package or - the \`GNU make' package. Grab either from any GNU archive site." + call might also be the consequence of using a buggy 'make' (AIX, + DU, IRIX). You might want to install the Texinfo package or + the GNU make package. Grab either from any GNU archive site." # The file to touch is that specified with -o ... file=`echo "$*" | sed -n "$sed_output"` test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` @@ -318,49 +307,14 @@ touch $file ;; - tar*) - shift - - # We have already tried tar in the generic part. - # Look for gnutar/gtar before invocation to avoid ugly error - # messages. - if (gnutar --version > /dev/null 2>&1); then - gnutar "$@" && exit 0 - fi - if (gtar --version > /dev/null 2>&1); then - gtar "$@" && exit 0 - fi - firstarg="$1" - if shift; then - case $firstarg in - *o*) - firstarg=`echo "$firstarg" | sed s/o//` - tar "$firstarg" "$@" && exit 0 - ;; - esac - case $firstarg in - *h*) - firstarg=`echo "$firstarg" | sed s/h//` - tar "$firstarg" "$@" && exit 0 - ;; - esac - fi - - echo 1>&2 "\ -WARNING: I can't seem to be able to run \`tar' with the given arguments. - You may want to install GNU tar or Free paxutils, or check the - command line arguments." - exit 1 - ;; - *) echo 1>&2 "\ -WARNING: \`$1' is needed, and is $msg. +WARNING: '$1' is needed, and is $msg. You might have modified some files without having the - proper tools for further handling them. Check the \`README' file, + proper tools for further handling them. Check the 'README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case - some other package would contain this missing \`$1' program." + some other package would contain this missing '$1' program." exit 1 ;; esac diff -Nru shibboleth-sp2-2.4.3+dfsg/config.h.in shibboleth-sp2-2.5.2+dfsg/config.h.in --- shibboleth-sp2-2.4.3+dfsg/config.h.in 2011-06-28 01:29:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/config.h.in 2013-06-16 22:06:19.000000000 +0000 @@ -1,5 +1,29 @@ /* config.h.in. Generated from configure.ac by autoheader. */ +/* Defined if the requested minimum BOOST version is satisfied */ +#undef HAVE_BOOST + +/* Define to 1 if you have */ +#undef HAVE_BOOST_ALGORITHM_STRING_HPP + +/* Define to 1 if you have */ +#undef HAVE_BOOST_BIND_HPP + +/* Define to 1 if you have */ +#undef HAVE_BOOST_LAMBDA_LAMBDA_HPP + +/* Define to 1 if you have */ +#undef HAVE_BOOST_PTR_CONTAINER_PTR_VECTOR_HPP + +/* Define to 1 if you have */ +#undef HAVE_BOOST_SCOPED_PTR_HPP + +/* Define to 1 if you have */ +#undef HAVE_BOOST_SHARED_PTR_HPP + +/* Define to 1 if you have */ +#undef HAVE_BOOST_TUPLE_TUPLE_HPP + /* Define if ctime_r is present with 2 parameters. */ #undef HAVE_CTIME_R_2 @@ -13,9 +37,18 @@ /* Define to 1 if you have the header file. */ #undef HAVE_DLFCN_H +/* Define to 1 if you have the `getgrnam' function. */ +#undef HAVE_GETGRNAM + +/* Define to 1 if you have the `getpwnam' function. */ +#undef HAVE_GETPWNAM + /* Define to 1 if you have the `gmtime_r' function. */ #undef HAVE_GMTIME_R +/* Define to 1 if you have the header file. */ +#undef HAVE_GRP_H + /* Define to 1 if GSS-API composite name import is available. */ #undef HAVE_GSSAPI_COMPOSITE_NAME @@ -34,6 +67,12 @@ /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H +/* Define to 1 if you have the `localtime_r' function. */ +#undef HAVE_LOCALTIME_R + +/* Define to 1 if libmemcached supports error handling function. */ +#undef HAVE_MEMCACHED_LAST_ERROR_MESSAGE + /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H @@ -47,6 +86,12 @@ /* Define if you have POSIX threads libraries and header files. */ #undef HAVE_PTHREAD +/* Define to 1 if you have the header file. */ +#undef HAVE_PWD_H + +/* Define if the SOCK_CLOEXEC flag is supported */ +#undef HAVE_SOCK_CLOEXEC + /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H @@ -80,6 +125,15 @@ /* Define to 1 if you have the `strtok_r' function. */ #undef HAVE_STRTOK_R +/* Define to 1 if `sa_len' is a member of `struct sockaddr'. */ +#undef HAVE_STRUCT_SOCKADDR_SA_LEN + +/* Define to 1 if the system has the type `struct sockaddr_storage'. */ +#undef HAVE_STRUCT_SOCKADDR_STORAGE + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SOCKET_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H @@ -136,6 +190,9 @@ /* if you have the MIT gssapi libraries */ #undef SHIBSP_HAVE_GSSMIT +/* Define to 1 if you have the header file. */ +#undef SHIBSP_HAVE_SYS_SOCKET_H + /* Define to 1 if log4cpp library is used. */ #undef SHIBSP_LOG4CPP diff -Nru shibboleth-sp2-2.4.3+dfsg/config_win32.h shibboleth-sp2-2.5.2+dfsg/config_win32.h --- shibboleth-sp2-2.4.3+dfsg/config_win32.h 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/config_win32.h 2013-05-19 23:35:08.000000000 +0000 @@ -122,6 +122,9 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_UNISTD_H */ +/* Define to 1 if the system has the type `struct sockaddr_storage'. */ +#define HAVE_STRUCT_SOCKADDR_STORAGE 1 + /* Name of package */ #define PACKAGE "shibboleth" @@ -132,13 +135,13 @@ #define PACKAGE_NAME "shibboleth" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "shibboleth 2.4.3" +#define PACKAGE_STRING "shibboleth 2.5.2" /* Define to the one symbol short name of this package. */ -#define PACKAGE_TARNAME "shibboleth" +#define PACKAGE_TARNAME "shibboleth-sp" /* Define to the version of this package. */ -#define PACKAGE_VERSION "2.4.3" +#define PACKAGE_VERSION "2.5.2" /* Define to the necessary symbol if this constant uses a non-standard name on your system. */ @@ -151,7 +154,7 @@ /* #undef TM_IN_SYS_TIME */ /* Version number of package */ -#define VERSION "2.4.3" +#define VERSION "2.5.2" /* Define to empty if `const' does not conform to ANSI C. */ /* #undef const */ diff -Nru shibboleth-sp2-2.4.3+dfsg/configs/Makefile.am shibboleth-sp2-2.5.2+dfsg/configs/Makefile.am --- shibboleth-sp2-2.4.3+dfsg/configs/Makefile.am 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/configs/Makefile.am 2012-12-04 04:49:50.000000000 +0000 @@ -1,14 +1,15 @@ -## $Id: Makefile.am 3293 2010-08-13 04:23:23Z cantor $ +## $Id: Makefile.am 3779 2012-10-09 20:04:57Z scantor $ AUTOMAKE_OPTIONS = foreign -pkglibdir = ${libdir}/@PACKAGE@ -pkglogdir = ${localstatedir}/log/@PACKAGE@ -pkgdocdir = $(datadir)/doc/@PACKAGE@-@PACKAGE_VERSION@ +pkglibdir = ${libdir}/@PACKAGE_NAME@ +pkglogdir = ${localstatedir}/log/@PACKAGE_NAME@ shirelogdir = ${localstatedir}/log/httpd -pkgxmldir = $(datadir)/xml/@PACKAGE@ -pkgrundir = $(localstatedir)/run/@PACKAGE@ -pkgsysconfdir = $(sysconfdir)/@PACKAGE@ +pkgxmldir = $(datadir)/xml/@PACKAGE_NAME@ +pkgwebdir = $(datadir)/@PACKAGE_NAME@ +pkgrundir = $(localstatedir)/run/@PACKAGE_NAME@ +pkgcachedir = $(localstatedir)/cache/@PACKAGE_NAME@ +pkgsysconfdir = $(sysconfdir)/@PACKAGE_NAME@ pkgsysconf_DATA = \ shibd-redhat \ shibd-suse \ @@ -17,6 +18,7 @@ apache.config \ apache2.config \ apache22.config \ + apache24.config \ keygen.sh \ metagen.sh \ upgrade.xsl @@ -42,11 +44,12 @@ console.logger \ syslog.logger \ accessError.html \ + attrChecker.html \ sessionError.html \ metadataError.html \ bindingTemplate.html \ discoveryTemplate.html \ - postTemplate.html \ + postTemplate.html \ localLogout.html \ globalLogout.html \ partialLogout.html \ @@ -58,14 +61,14 @@ do-build-file: rm -f ${FILE}.tmp sed < ${srcdir}/${FILE}.in > ${FILE}.tmp \ - -e 's:@-PREFIX-@:${prefix}:g' \ - -e 's:@-PKGLIBDIR-@:${pkglibdir}:g' \ - -e 's:@-PKGSYSCONFDIR-@:${pkgsysconfdir}:g' \ - -e 's:@-PKGDOCDIR-@:${pkgdocdir}:g' \ - -e 's:@-PKGXMLDIR-@:${pkgxmldir}:g' \ - -e 's:@-PKGLOGDIR-@:${pkglogdir}:g' \ - -e 's:@-SHIRELOGDIR-@:${shirelogdir}:g' \ - -e 's:@-PKGRUNDIR-@:${pkgrundir}:g' + -e 's:@-PREFIX-@:${prefix}:g' \ + -e 's:@-PKGLIBDIR-@:${pkglibdir}:g' \ + -e 's:@-PKGSYSCONFDIR-@:${pkgsysconfdir}:g' \ + -e 's:@-PKGXMLDIR-@:${pkgxmldir}:g' \ + -e 's:@-PKGWEBDIR-@:${pkgwebdir}:g' \ + -e 's:@-PKGLOGDIR-@:${pkglogdir}:g' \ + -e 's:@-SHIRELOGDIR-@:${shirelogdir}:g' \ + -e 's:@-PKGRUNDIR-@:${pkgrundir}:g' cmp -s ${FILE} ${FILE}.tmp || mv ${FILE}.tmp ${FILE} rm -f ${FILE}.tmp @@ -78,6 +81,9 @@ apache22.config: ${srcdir}/apache22.config.in Makefile ${top_builddir}/config.status $(MAKE) do-build-file FILE=$@ +apache24.config: ${srcdir}/apache24.config.in Makefile ${top_builddir}/config.status + $(MAKE) do-build-file FILE=$@ + shibd-redhat: ${srcdir}/shibd-redhat.in Makefile ${top_builddir}/config.status $(MAKE) do-build-file FILE=$@ @@ -100,9 +106,9 @@ install-data-local: all-data-local $(mkinstalldirs) $(DESTDIR)$(pkglogdir) - $(mkinstalldirs) $(DESTDIR)$(pkgdocdir) $(mkinstalldirs) $(DESTDIR)$(shirelogdir) $(mkinstalldirs) $(DESTDIR)$(pkgrundir) + $(mkinstalldirs) $(DESTDIR)$(pkgcachedir) $(mkinstalldirs) $(DESTDIR)$(pkgxmldir) $(mkinstalldirs) $(DESTDIR)$(pkgsysconfdir) for f in $(BUILTCONFIGFILES); do \ @@ -130,6 +136,7 @@ apache.config \ apache2.config \ apache22.config \ + apache24.config \ shibd-redhat \ shibd-suse \ shibd-debian \ @@ -143,6 +150,7 @@ apache.config.in \ apache2.config.in \ apache22.config.in \ + apache24.config.in \ shibd-redhat.in \ shibd-suse.in \ shibd-debian.in \ @@ -150,6 +158,8 @@ keygen.bat \ keygen.sh \ metagen.sh \ + SetService32.bat \ + SetService64.bat \ upgrade.xsl \ xsltproc.js \ $(CONFIGFILES) diff -Nru shibboleth-sp2-2.4.3+dfsg/configs/Makefile.in shibboleth-sp2-2.5.2+dfsg/configs/Makefile.in --- shibboleth-sp2-2.4.3+dfsg/configs/Makefile.in 2011-06-28 01:29:27.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/configs/Makefile.in 2013-06-16 22:06:20.000000000 +0000 @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. +# Makefile.in generated by automake 1.12.6 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,6 +15,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ @@ -37,10 +53,11 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ - $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/doxygen.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/boost.m4 \ + $(top_srcdir)/m4/doxygen.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -50,6 +67,11 @@ CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ @@ -71,10 +93,16 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } am__installdirs = "$(DESTDIR)$(pkgsysconfdir)" DATA = $(pkgsysconf_DATA) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -pkglibdir = ${libdir}/@PACKAGE@ +pkglibdir = ${libdir}/@PACKAGE_NAME@ ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ APR1_CONFIG = @APR1_CONFIG@ @@ -86,6 +114,9 @@ APXS22 = @APXS22@ APXS22_CFLAGS = @APXS22_CFLAGS@ APXS22_INCLUDE = @APXS22_INCLUDE@ +APXS24 = @APXS24@ +APXS24_CFLAGS = @APXS24_CFLAGS@ +APXS24_INCLUDE = @APXS24_INCLUDE@ APXS2_CFLAGS = @APXS2_CFLAGS@ APXS2_INCLUDE = @APXS2_INCLUDE@ APXS_CFLAGS = @APXS_CFLAGS@ @@ -95,6 +126,8 @@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BOOST_CPPFLAGS = @BOOST_CPPFLAGS@ +BOOST_ROOT = @BOOST_ROOT@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ @@ -107,6 +140,7 @@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DISTCHECK_CONFIGURE_FLAGS = @DISTCHECK_CONFIGURE_FLAGS@ DLLTOOL = @DLLTOOL@ DOXYGEN_PAPER_SIZE = @DOXYGEN_PAPER_SIZE@ DSYMUTIL = @DSYMUTIL@ @@ -254,12 +288,13 @@ top_srcdir = @top_srcdir@ xs = @xs@ AUTOMAKE_OPTIONS = foreign -pkglogdir = ${localstatedir}/log/@PACKAGE@ -pkgdocdir = $(datadir)/doc/@PACKAGE@-@PACKAGE_VERSION@ +pkglogdir = ${localstatedir}/log/@PACKAGE_NAME@ shirelogdir = ${localstatedir}/log/httpd -pkgxmldir = $(datadir)/xml/@PACKAGE@ -pkgrundir = $(localstatedir)/run/@PACKAGE@ -pkgsysconfdir = $(sysconfdir)/@PACKAGE@ +pkgxmldir = $(datadir)/xml/@PACKAGE_NAME@ +pkgwebdir = $(datadir)/@PACKAGE_NAME@ +pkgrundir = $(localstatedir)/run/@PACKAGE_NAME@ +pkgcachedir = $(localstatedir)/cache/@PACKAGE_NAME@ +pkgsysconfdir = $(sysconfdir)/@PACKAGE_NAME@ pkgsysconf_DATA = \ shibd-redhat \ shibd-suse \ @@ -268,6 +303,7 @@ apache.config \ apache2.config \ apache22.config \ + apache24.config \ keygen.sh \ metagen.sh \ upgrade.xsl @@ -295,11 +331,12 @@ console.logger \ syslog.logger \ accessError.html \ + attrChecker.html \ sessionError.html \ metadataError.html \ bindingTemplate.html \ discoveryTemplate.html \ - postTemplate.html \ + postTemplate.html \ localLogout.html \ globalLogout.html \ partialLogout.html \ @@ -309,6 +346,7 @@ apache.config \ apache2.config \ apache22.config \ + apache24.config \ shibd-redhat \ shibd-suse \ shibd-debian \ @@ -322,6 +360,7 @@ apache.config.in \ apache2.config.in \ apache22.config.in \ + apache24.config.in \ shibd-redhat.in \ shibd-suse.in \ shibd-debian.in \ @@ -329,6 +368,8 @@ keygen.bat \ keygen.sh \ metagen.sh \ + SetService32.bat \ + SetService64.bat \ upgrade.xsl \ xsltproc.js \ $(CONFIGFILES) @@ -374,8 +415,11 @@ -rm -rf .libs _libs install-pkgsysconfDATA: $(pkgsysconf_DATA) @$(NORMAL_INSTALL) - test -z "$(pkgsysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(pkgsysconfdir)" @list='$(pkgsysconf_DATA)'; test -n "$(pkgsysconfdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(pkgsysconfdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(pkgsysconfdir)" || exit 1; \ + fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ @@ -389,15 +433,15 @@ @$(NORMAL_UNINSTALL) @list='$(pkgsysconf_DATA)'; test -n "$(pkgsysconfdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - test -n "$$files" || exit 0; \ - echo " ( cd '$(DESTDIR)$(pkgsysconfdir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(pkgsysconfdir)" && rm -f $$files + dir='$(DESTDIR)$(pkgsysconfdir)'; $(am__uninstall_files_from_dir) tags: TAGS TAGS: ctags: CTAGS CTAGS: +cscope cscopelist: + distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ @@ -446,10 +490,15 @@ installcheck: installcheck-am install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi mostlyclean-generic: clean-generic: @@ -551,14 +600,14 @@ do-build-file: rm -f ${FILE}.tmp sed < ${srcdir}/${FILE}.in > ${FILE}.tmp \ - -e 's:@-PREFIX-@:${prefix}:g' \ - -e 's:@-PKGLIBDIR-@:${pkglibdir}:g' \ - -e 's:@-PKGSYSCONFDIR-@:${pkgsysconfdir}:g' \ - -e 's:@-PKGDOCDIR-@:${pkgdocdir}:g' \ - -e 's:@-PKGXMLDIR-@:${pkgxmldir}:g' \ - -e 's:@-PKGLOGDIR-@:${pkglogdir}:g' \ - -e 's:@-SHIRELOGDIR-@:${shirelogdir}:g' \ - -e 's:@-PKGRUNDIR-@:${pkgrundir}:g' + -e 's:@-PREFIX-@:${prefix}:g' \ + -e 's:@-PKGLIBDIR-@:${pkglibdir}:g' \ + -e 's:@-PKGSYSCONFDIR-@:${pkgsysconfdir}:g' \ + -e 's:@-PKGXMLDIR-@:${pkgxmldir}:g' \ + -e 's:@-PKGWEBDIR-@:${pkgwebdir}:g' \ + -e 's:@-PKGLOGDIR-@:${pkglogdir}:g' \ + -e 's:@-SHIRELOGDIR-@:${shirelogdir}:g' \ + -e 's:@-PKGRUNDIR-@:${pkgrundir}:g' cmp -s ${FILE} ${FILE}.tmp || mv ${FILE}.tmp ${FILE} rm -f ${FILE}.tmp @@ -571,6 +620,9 @@ apache22.config: ${srcdir}/apache22.config.in Makefile ${top_builddir}/config.status $(MAKE) do-build-file FILE=$@ +apache24.config: ${srcdir}/apache24.config.in Makefile ${top_builddir}/config.status + $(MAKE) do-build-file FILE=$@ + shibd-redhat: ${srcdir}/shibd-redhat.in Makefile ${top_builddir}/config.status $(MAKE) do-build-file FILE=$@ @@ -593,9 +645,9 @@ install-data-local: all-data-local $(mkinstalldirs) $(DESTDIR)$(pkglogdir) - $(mkinstalldirs) $(DESTDIR)$(pkgdocdir) $(mkinstalldirs) $(DESTDIR)$(shirelogdir) $(mkinstalldirs) $(DESTDIR)$(pkgrundir) + $(mkinstalldirs) $(DESTDIR)$(pkgcachedir) $(mkinstalldirs) $(DESTDIR)$(pkgxmldir) $(mkinstalldirs) $(DESTDIR)$(pkgsysconfdir) for f in $(BUILTCONFIGFILES); do \ diff -Nru shibboleth-sp2-2.4.3+dfsg/configs/SetService32.bat shibboleth-sp2-2.5.2+dfsg/configs/SetService32.bat --- shibboleth-sp2-2.4.3+dfsg/configs/SetService32.bat 1970-01-01 00:00:00.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/configs/SetService32.bat 2012-08-06 23:30:04.000000000 +0000 @@ -0,0 +1,9 @@ +@echo off +setlocal + +sc stop shibd_default +sc config shibd_default binPath= "@-INSTALLDIR-@\sbin\shibd.exe -stdout \"@-INSTALLDIR-@\var\log\shibboleth\stdout.log\" -stderr \"@-INSTALLDIR-@\var\log\shibboleth\stderr.log\"" +ping 1.1.1.1 -n 1 -w 3000 > nul +sc start shibd_default + +echo NOTE: You will need to manually adjust your IIS or Apache configuration to complete a switch to 32-bit use. \ No newline at end of file diff -Nru shibboleth-sp2-2.4.3+dfsg/configs/SetService64.bat shibboleth-sp2-2.5.2+dfsg/configs/SetService64.bat --- shibboleth-sp2-2.4.3+dfsg/configs/SetService64.bat 1970-01-01 00:00:00.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/configs/SetService64.bat 2012-08-06 23:30:04.000000000 +0000 @@ -0,0 +1,9 @@ +@echo off +setlocal + +sc stop shibd_default +sc config shibd_default binPath= "@-INSTALLDIR-@\sbin64\shibd.exe -stdout \"@-INSTALLDIR-@\var\log\shibboleth\stdout.log\" -stderr \"@-INSTALLDIR-@\var\log\shibboleth\stderr.log\"" +ping 1.1.1.1 -n 1 -w 3000 > nul +sc start shibd_default + +echo NOTE: You will need to manually adjust your IIS or Apache configuration to complete a switch to 64-bit use. \ No newline at end of file diff -Nru shibboleth-sp2-2.4.3+dfsg/configs/accessError.html shibboleth-sp2-2.5.2+dfsg/configs/accessError.html --- shibboleth-sp2-2.4.3+dfsg/configs/accessError.html 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/configs/accessError.html 2012-07-23 20:08:23.000000000 +0000 @@ -12,7 +12,9 @@ + Logo +

Authorization Failed

diff -Nru shibboleth-sp2-2.4.3+dfsg/configs/apache.config.in shibboleth-sp2-2.5.2+dfsg/configs/apache.config.in --- shibboleth-sp2-2.4.3+dfsg/configs/apache.config.in 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/configs/apache.config.in 2013-05-23 16:57:05.000000000 +0000 @@ -1,4 +1,4 @@ -# https://spaces.internet2.edu/display/SHIB2/NativeSPApacheConfig +# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig # RPM installations on platforms with a conf.d directory will # result in this file being copied into that directory for you @@ -18,22 +18,26 @@ # extension. # -SetHandler shib-handler + SetHandler shib-handler -# Another way of addressing this is to apply Shibboleth -# globally to the site in "lazy" session mode: -# -# AuthType shibboleth -# require shibboleth -# +# +# Ensures handler will be accessible. +# + + Satisfy Any + Allow from all + # -# Used for example logo and style sheet in error templates. +# Used for example style sheet in error templates. # - Alias /shibboleth-sp/main.css @-PKGDOCDIR-@/main.css - Alias /shibboleth-sp/logo.jpg @-PKGDOCDIR-@/logo.jpg + Alias /shibboleth-sp/main.css @-PKGWEBDIR-@/main.css + + Satisfy Any + Allow from all + # diff -Nru shibboleth-sp2-2.4.3+dfsg/configs/apache2.config.in shibboleth-sp2-2.5.2+dfsg/configs/apache2.config.in --- shibboleth-sp2-2.4.3+dfsg/configs/apache2.config.in 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/configs/apache2.config.in 2013-05-23 16:57:05.000000000 +0000 @@ -1,4 +1,4 @@ -# https://spaces.internet2.edu/display/SHIB2/NativeSPApacheConfig +# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig # RPM installations on platforms with a conf.d directory will # result in this file being copied into that directory for you @@ -13,14 +13,22 @@ LoadModule mod_shib @-PKGLIBDIR-@/mod_shib_20.so # -# Used for example logo and style sheet in error templates. +# Ensures handler will be accessible. +# + + Satisfy Any + Allow from all + + +# +# Used for example style sheet in error templates. # + Satisfy Any Allow from all - Alias /shibboleth-sp/main.css @-PKGDOCDIR-@/main.css - Alias /shibboleth-sp/logo.jpg @-PKGDOCDIR-@/logo.jpg + Alias /shibboleth-sp/main.css @-PKGWEBDIR-@/main.css # diff -Nru shibboleth-sp2-2.4.3+dfsg/configs/apache22.config.in shibboleth-sp2-2.5.2+dfsg/configs/apache22.config.in --- shibboleth-sp2-2.4.3+dfsg/configs/apache22.config.in 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/configs/apache22.config.in 2013-05-23 16:57:05.000000000 +0000 @@ -1,4 +1,4 @@ -# https://spaces.internet2.edu/display/SHIB2/NativeSPApacheConfig +# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig # RPM installations on platforms with a conf.d directory will # result in this file being copied into that directory for you @@ -13,14 +13,22 @@ LoadModule mod_shib @-PKGLIBDIR-@/mod_shib_22.so # -# Used for example logo and style sheet in error templates. +# Ensures handler will be accessible. +# + + Satisfy Any + Allow from all + + +# +# Used for example style sheet in error templates. # + Satisfy Any Allow from all - Alias /shibboleth-sp/main.css @-PKGDOCDIR-@/main.css - Alias /shibboleth-sp/logo.jpg @-PKGDOCDIR-@/logo.jpg + Alias /shibboleth-sp/main.css @-PKGWEBDIR-@/main.css # diff -Nru shibboleth-sp2-2.4.3+dfsg/configs/apache24.config.in shibboleth-sp2-2.5.2+dfsg/configs/apache24.config.in --- shibboleth-sp2-2.4.3+dfsg/configs/apache24.config.in 1970-01-01 00:00:00.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/configs/apache24.config.in 2013-06-08 17:34:40.000000000 +0000 @@ -0,0 +1,53 @@ +# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig + +# RPM installations on platforms with a conf.d directory will +# result in this file being copied into that directory for you +# and preserved across upgrades. + +# For non-RPM installs, you should copy the relevant contents of +# this file to a configuration location you control. + +# +# Load the Shibboleth module. +# +LoadModule mod_shib @-PKGLIBDIR-@/mod_shib_24.so + +# +# Turn this on to support "require valid-user" rules from other +# mod_authn_* modules, and use "require shib-session" for anonymous +# session-based authorization in mod_shib. +# +ShibCompatValidUser Off + +# +# Ensures handler will be accessible. +# + + AuthType None + Require all granted + + +# +# Used for example style sheet in error templates. +# + + + AuthType None + Require all granted + + Alias /shibboleth-sp/main.css @-PKGWEBDIR-@/main.css + + +# +# Configure the module for content. +# +# You MUST enable AuthType shibboleth for the module to process +# any requests, and there MUST be a require command as well. To +# enable Shibboleth but not specify any session/access requirements +# use "require shibboleth". +# + + AuthType shibboleth + ShibRequestSetting requireSession 1 + require valid-user + diff -Nru shibboleth-sp2-2.4.3+dfsg/configs/attrChecker.html shibboleth-sp2-2.5.2+dfsg/configs/attrChecker.html --- shibboleth-sp2-2.4.3+dfsg/configs/attrChecker.html 1970-01-01 00:00:00.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/configs/attrChecker.html 2012-07-23 20:08:23.000000000 +0000 @@ -0,0 +1,50 @@ + + + + + + + + Insufficient Information + + + + + +Logo + +

We're sorry, but you cannot access this service at this time.

+ +

This service requires information about you that your identity provider +() +did not release. To gain access to this service, your identity provider +must release the required information.

+ + +

+

+Please visit + +the support page +this support page + +for further instructions. +
+

+ + +

+You were trying to access the following URL: +

+

+ + +

For more information about this service, including what user information is +required for access, please visit our +information page.

+ + + + diff -Nru shibboleth-sp2-2.4.3+dfsg/configs/attribute-map.xml shibboleth-sp2-2.5.2+dfsg/configs/attribute-map.xml --- shibboleth-sp2-2.4.3+dfsg/configs/attribute-map.xml 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/configs/attribute-map.xml 2012-07-23 20:08:23.000000000 +0000 @@ -1,5 +1,12 @@ + + @@ -77,11 +84,12 @@ --> - + @@ -93,6 +93,8 @@ --> @@ -123,7 +125,7 @@ + entityID="https://idp.example.org/idp/shibboleth"> @@ -192,13 +194,17 @@ - + + + + - - + + + + + @@ -249,7 +258,7 @@ - - http://www.w3.org/2001/04/xmldsig-more#md5 - http://www.w3.org/2001/04/xmldsig-more#rsa-md5 - + diff -Nru shibboleth-sp2-2.4.3+dfsg/configs/sessionError.html shibboleth-sp2-2.5.2+dfsg/configs/sessionError.html --- shibboleth-sp2-2.4.3+dfsg/configs/sessionError.html 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/configs/sessionError.html 2012-07-23 20:08:23.000000000 +0000 @@ -12,7 +12,9 @@ + Logo +

The system encountered an error at

diff -Nru shibboleth-sp2-2.4.3+dfsg/configs/shibboleth2.xml shibboleth-sp2-2.5.2+dfsg/configs/shibboleth2.xml --- shibboleth-sp2-2.4.3+dfsg/configs/shibboleth2.xml 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/configs/shibboleth2.xml 2012-08-05 21:41:33.000000000 +0000 @@ -13,10 +13,10 @@ @@ -28,11 +28,12 @@ You MUST supply an effectively unique handlerURL value for each of your applications. The value defaults to /Shibboleth.sso, and should be a relative path, with the SP computing a relative value based on the virtual host. Using handlerSSL="true", the default, will force - the protocol to be https. You should also add a cookieProps setting of "; path=/; secure" - in that case. Note that while we default checkAddress to "false", this has a negative - impact on the security of the SP. Stealing cookies/sessions is much easier with this disabled. + the protocol to be https. You should also set cookieProps to "https" for SSL-only sites. + Note that while we default checkAddress to "false", this has a negative impact on the + security of your site. Stealing sessions via cookie theft is much easier with this disabled. --> - + - SAML2 SAML1 @@ -52,7 +53,7 @@ - + @@ -66,7 +67,7 @@ also add attributes with values that can be plugged into the templates. --> @@ -84,7 +85,7 @@ --> - + @@ -97,7 +98,7 @@ ---- shibboleth-sp2-2.4.3+dfsg.orig/configs/native.logger.in -+++ shibboleth-sp2-2.4.3+dfsg/configs/native.logger.in -@@ -26,17 +26,29 @@ log4j.category.XMLTooling.libcurl=INFO +--- shibboleth-sp2-2.5.2+dfsg.orig/fastcgi/Makefile.am ++++ shibboleth-sp2-2.5.2+dfsg/fastcgi/Makefile.am +@@ -10,13 +10,15 @@ shibauthorizer_SOURCES = shibauthorizer. + shibauthorizer_CXXFLAGS = $(FASTCGI_INCLUDE) + shibauthorizer_LDFLAGS = $(FASTCGI_LDFLAGS) + shibauthorizer_LDADD = $(FASTCGI_LIBS) \ +- $(top_builddir)/shibsp/libshibsp-lite.la ++ $(top_builddir)/shibsp/libshibsp-lite.la \ ++ $(LITE_LIBS) + + shibresponder_SOURCES = shibresponder.cpp + shibresponder_CXXFLAGS = $(FASTCGI_INCLUDE) + shibresponder_LDFLAGS = $(FASTCGI_LDFLAGS) + shibresponder_LDADD = $(FASTCGI_LIBS) \ +- $(top_builddir)/shibsp/libshibsp-lite.la ++ $(top_builddir)/shibsp/libshibsp-lite.la \ ++ $(LITE_LIBS) + + endif + +--- shibboleth-sp2-2.5.2+dfsg.orig/configs/native.logger.in ++++ shibboleth-sp2-2.5.2+dfsg/configs/native.logger.in +@@ -1,5 +1,9 @@ + # set overall behavior +-log4j.rootCategory=INFO, native_log, warn_log ++# ++# Debian: remove warn_log. All logs go to syslog, so there's no need to ++# have multiple log destinations differentiated only by log threshold. ++#log4j.rootCategory=INFO, native_log, warn_log ++log4j.rootCategory=INFO, native_log + + # fairly verbose for DEBUG, so generally leave at INFO + log4j.category.XMLTooling.XMLObject=INFO +@@ -27,17 +31,29 @@ log4j.category.XMLTooling.libcurl=INFO # define the appender @@ -42,6 +73,14 @@ -log4j.appender.native_log.maxBackupIndex=10 -log4j.appender.native_log.layout=org.apache.log4j.PatternLayout -log4j.appender.native_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n +- +-log4j.appender.warn_log=org.apache.log4j.RollingFileAppender +-log4j.appender.warn_log.fileName=@-SHIRELOGDIR-@/native_warn.log +-log4j.appender.warn_log.maxFileSize=1000000 +-log4j.appender.warn_log.maxBackupIndex=10 +-log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout +-log4j.appender.warn_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n +-log4j.appender.warn_log.threshold=WARN +# This is the default, but it's essentially useless under normal +# circumstances since Apache doesn't have access to write to that +# directory. @@ -58,14 +97,7 @@ +#log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout +#log4j.appender.warn_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n +#log4j.appender.warn_log.threshold=WARN - --log4j.appender.warn_log=org.apache.log4j.RollingFileAppender --log4j.appender.warn_log.fileName=@-SHIRELOGDIR-@/native_warn.log --log4j.appender.warn_log.maxFileSize=1000000 --log4j.appender.warn_log.maxBackupIndex=10 --log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout --log4j.appender.warn_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n --log4j.appender.warn_log.threshold=WARN ++ +# Use syslog instead, since then at least the messages will go somewhere. +# That facility is LOG_DAEMON, since log4cpp apparently doesn't recognize +# symbolic log facilities. @@ -75,21 +107,19 @@ +log4j.appender.native_log.syslogName=shibboleth-sp +log4j.appender.native_log.facility=3 +log4j.appender.native_log.layout=org.apache.log4j.BasicLayout ---- shibboleth-sp2-2.4.3+dfsg.orig/configs/Makefile.am -+++ shibboleth-sp2-2.4.3+dfsg/configs/Makefile.am -@@ -4,8 +4,8 @@ AUTOMAKE_OPTIONS = foreign - - pkglibdir = ${libdir}/@PACKAGE@ - pkglogdir = ${localstatedir}/log/@PACKAGE@ --pkgdocdir = $(datadir)/doc/@PACKAGE@-@PACKAGE_VERSION@ +--- shibboleth-sp2-2.5.2+dfsg.orig/configs/Makefile.am ++++ shibboleth-sp2-2.5.2+dfsg/configs/Makefile.am +@@ -4,7 +4,7 @@ AUTOMAKE_OPTIONS = foreign + + pkglibdir = ${libdir}/@PACKAGE_NAME@ + pkglogdir = ${localstatedir}/log/@PACKAGE_NAME@ -shirelogdir = ${localstatedir}/log/httpd -+pkgdocdir = ${datadir}/doc/@PACKAGE@ +shirelogdir = ${localstatedir}/log/apache2 - pkgxmldir = $(datadir)/xml/@PACKAGE@ - pkgrundir = $(localstatedir)/run/@PACKAGE@ - pkgsysconfdir = $(sysconfdir)/@PACKAGE@ ---- shibboleth-sp2-2.4.3+dfsg.orig/configs/shibd-debian.in -+++ shibboleth-sp2-2.4.3+dfsg/configs/shibd-debian.in + pkgxmldir = $(datadir)/xml/@PACKAGE_NAME@ + pkgwebdir = $(datadir)/@PACKAGE_NAME@ + pkgrundir = $(localstatedir)/run/@PACKAGE_NAME@ +--- shibboleth-sp2-2.5.2+dfsg.orig/configs/shibd-debian.in ++++ shibboleth-sp2-2.5.2+dfsg/configs/shibd-debian.in @@ -1,18 +1,20 @@ #! /bin/sh ### BEGIN INIT INFO @@ -270,8 +300,8 @@ exit 1 ;; esac ---- shibboleth-sp2-2.4.3+dfsg.orig/configs/keygen.sh -+++ shibboleth-sp2-2.4.3+dfsg/configs/keygen.sh +--- shibboleth-sp2-2.5.2+dfsg.orig/configs/keygen.sh ++++ shibboleth-sp2-2.5.2+dfsg/configs/keygen.sh @@ -1,5 +1,11 @@ #! /bin/sh @@ -295,58 +325,3 @@ fi if [ -z "$YEARS" ] ; then ---- shibboleth-sp2-2.4.3+dfsg.orig/configs/metagen.sh -+++ shibboleth-sp2-2.4.3+dfsg/configs/metagen.sh -@@ -1,4 +1,4 @@ --#! /bin/sh -+#! /bin/bash - - DECLS=1 - ---- shibboleth-sp2-2.4.3+dfsg.orig/memcache-store/memcache-store.cpp -+++ shibboleth-sp2-2.4.3+dfsg/memcache-store/memcache-store.cpp -@@ -308,7 +308,7 @@ bool MemcacheBase::deleteMemcache(const - success = false; - } else if (rv == MEMCACHED_ERRNO) { - // System error -- string error = string("Memcache::deleteMemcache() SYSTEM ERROR: ") + string(strerror(memc->cached_errno)); -+ string error = string("Memcache::deleteMemcache() SYSTEM ERROR: ") + string(memcached_last_error_message(memc)); - log.error(error); - throw IOException(error); - } else { -@@ -349,7 +349,7 @@ bool MemcacheBase::getMemcache(const cha - success = false; - } else if (rv == MEMCACHED_ERRNO) { - // System error -- string error = string("Memcache::getMemcache() SYSTEM ERROR: ") + string(strerror(memc->cached_errno)); -+ string error = string("Memcache::getMemcache() SYSTEM ERROR: ") + string(memcached_last_error_message(memc)); - log.error(error); - throw IOException(error); - } else { -@@ -388,7 +388,7 @@ bool MemcacheBase::addMemcache(const cha - success = false; - } else if (rv == MEMCACHED_ERRNO) { - // System error -- string error = string("Memcache::addMemcache() SYSTEM ERROR: ") + string(strerror(memc->cached_errno)); -+ string error = string("Memcache::addMemcache() SYSTEM ERROR: ") + string(memcached_last_error_message(memc)); - log.error(error); - throw IOException(error); - } else { -@@ -424,7 +424,7 @@ bool MemcacheBase::setMemcache(const cha - success = true; - } else if (rv == MEMCACHED_ERRNO) { - // System error -- string error = string("Memcache::setMemcache() SYSTEM ERROR: ") + string(strerror(memc->cached_errno)); -+ string error = string("Memcache::setMemcache() SYSTEM ERROR: ") + string(memcached_last_error_message(memc)); - log.error(error); - throw IOException(error); - } else { -@@ -463,7 +463,7 @@ bool MemcacheBase::replaceMemcache(const - success = false; - } else if (rv == MEMCACHED_ERRNO) { - // System error -- string error = string("Memcache::replaceMemcache() SYSTEM ERROR: ") + string(strerror(memc->cached_errno)); -+ string error = string("Memcache::replaceMemcache() SYSTEM ERROR: ") + string(memcached_last_error_message(memc)); - log.error(error); - throw IOException(error); - } else { diff -Nru shibboleth-sp2-2.4.3+dfsg/debian/rules shibboleth-sp2-2.5.2+dfsg/debian/rules --- shibboleth-sp2-2.4.3+dfsg/debian/rules 2012-02-16 19:26:25.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/debian/rules 2013-07-14 18:28:11.000000000 +0000 @@ -28,26 +28,28 @@ wget $(URL)/$(VERSION)/shibboleth-sp-$(VERSION).tar.gz tar xfz shibboleth-sp-$(VERSION).tar.gz rm shibboleth-sp-$(VERSION).tar.gz - rm shibboleth-$(VERSION)/schemas/WS-Trust.xsd - mv shibboleth-$(VERSION) shibboleth-sp2_$(DEBVERS).orig + rm shibboleth-sp-$(VERSION)/schemas/WS-Trust.xsd + mv shibboleth-sp-$(VERSION) shibboleth-sp2_$(DEBVERS).orig tar cf shibboleth-sp2_$(DEBVERS).orig.tar \ shibboleth-sp2_$(DEBVERS).orig rm -rf shibboleth-sp2_$(DEBVERS).orig - gzip -9 shibboleth-sp2_$(DEBVERS).orig.tar + xz shibboleth-sp2_$(DEBVERS).orig.tar + +%: + dh $@ --with apache2,autoreconf override_dh_autoreconf: dh_autoreconf --as-needed override_dh_auto_configure: - dh_auto_configure -- \ - --libexecdir=/usr/lib/$(DEB_HOST_MULTIARCH)/shibboleth \ - --localstatedir=/var --enable-apache-22 \ - --with-apxs2=/usr/bin/apxs2 --disable-dependency-tracking \ - --with-memcached $(SYSTEM) + dh_auto_configure -- \ + --libexecdir=/usr/lib/$(DEB_HOST_MULTIARCH)/shibboleth \ + --localstatedir=/var --enable-apache-24 \ + --with-apxs24=/usr/bin/apxs2 --disable-dependency-tracking \ + --with-memcached --with-fastcgi --with-gssapi $(SYSTEM) override_dh_auto_install: NOKEYGEN=1 dh_auto_install - rm debian/tmp/usr/lib/*/shibboleth/*.la rm -r debian/tmp/usr/share/doc/shibboleth* rm -r debian/tmp/var/run rm debian/tmp/etc/shibboleth/*.dist @@ -62,39 +64,42 @@ debian/libapache2-mod-shib2.shibd.init override_dh_install: - mv debian/tmp/usr/lib/*/shibboleth/mod_shib_22.so \ - debian/libapache2-mod-shib2/usr/lib/apache2/modules - pod2man debian/man-pages/mdquery.pod --section 1 \ - --center 'Shibboleth' --release $(VERSION) \ + mkdir -p debian/tmp/usr/lib/apache2/modules + mv debian/tmp/usr/lib/*/shibboleth/mod_shib_24.so \ + debian/tmp/usr/lib/apache2/modules/mod_shib2.so + pod2man debian/man-pages/mdquery.pod --section 1 \ + --center 'Shibboleth' --release $(VERSION) \ debian/libapache2-mod-shib2/usr/share/man/man1/mdquery.1 - pod2man debian/man-pages/resolvertest.pod --section 1 \ - --center 'Shibboleth' --release $(VERSION) \ + pod2man debian/man-pages/resolvertest.pod --section 1 \ + --center 'Shibboleth' --release $(VERSION) \ debian/libapache2-mod-shib2/usr/share/man/man1/resolvertest.1 - pod2man debian/man-pages/shib-metagen.pod --section 1 \ - --center 'Shibboleth' --release $(VERSION) \ + pod2man debian/man-pages/shib-metagen.pod --section 1 \ + --center 'Shibboleth' --release $(VERSION) \ debian/libapache2-mod-shib2/usr/share/man/man1/shib-metagen.1 - pod2man debian/man-pages/shib-keygen.pod --section 8 \ - --center 'Shibboleth' --release $(VERSION) \ + pod2man debian/man-pages/shib-keygen.pod --section 8 \ + --center 'Shibboleth' --release $(VERSION) \ debian/libapache2-mod-shib2/usr/share/man/man8/shib-keygen.8 - pod2man debian/man-pages/shibd.pod --section 8 \ - --center 'Shibboleth' --release $(VERSION) \ + pod2man debian/man-pages/shibd.pod --section 8 \ + --center 'Shibboleth' --release $(VERSION) \ debian/libapache2-mod-shib2/usr/share/man/man8/shibd.8 - dh_install -s -i --fail-missing + dh_install -s -i -X mod_shib2.so --fail-missing + +override_dh_installchangelogs: + dh_installchangelogs doc/RELEASE.txt override_dh_installdocs: dh_installdocs -A doc/NOTICE.txt - set -e; if [ -d "$(DOCS)" ] ; then \ - rm $(DOCS)/html/jquery.js ; \ - ln -s /usr/share/javascript/jquery/jquery.min.js \ - $(DOCS)/html/jquery.js ; \ + set -e; if [ -d "$(DOCS)" ] ; then \ + rm $(DOCS)/html/jquery.js ; \ + ln -s /usr/share/javascript/jquery/jquery.min.js \ + $(DOCS)/html/jquery.js ; \ fi override_dh_installinit: dh_installinit --name=shibd -- start 20 2 3 4 5 . override_dh_makeshlibs: - dh_makeshlibs -V'libshibsp5 (>= 2.4.3+dfsg-4~)' \ - -Xusr/lib/$(DEB_HOST_MULTIARCH)/shibboleth + dh_makeshlibs -Xusr/lib/$(DEB_HOST_MULTIARCH)/shibboleth -%: - dh $@ --with autoreconf +override_dh_builddeb: + dh_builddeb -- -Zxz diff -Nru shibboleth-sp2-2.4.3+dfsg/debian/shib2.load shibboleth-sp2-2.5.2+dfsg/debian/shib2.load --- shibboleth-sp2-2.4.3+dfsg/debian/shib2.load 2012-02-16 19:26:25.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/debian/shib2.load 2013-07-14 18:28:11.000000000 +0000 @@ -1 +1 @@ -LoadModule mod_shib /usr/lib/apache2/modules/mod_shib_22.so +LoadModule mod_shib /usr/lib/apache2/modules/mod_shib2.so diff -Nru shibboleth-sp2-2.4.3+dfsg/debian/source/options shibboleth-sp2-2.5.2+dfsg/debian/source/options --- shibboleth-sp2-2.4.3+dfsg/debian/source/options 1970-01-01 00:00:00.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/debian/source/options 2013-07-14 18:28:11.000000000 +0000 @@ -0,0 +1 @@ +compression = "xz" diff -Nru shibboleth-sp2-2.4.3+dfsg/doc/CREDITS.txt shibboleth-sp2-2.5.2+dfsg/doc/CREDITS.txt --- shibboleth-sp2-2.4.3+dfsg/doc/CREDITS.txt 2011-06-28 01:28:21.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/doc/CREDITS.txt 2012-12-10 02:39:03.000000000 +0000 @@ -1,64 +1,59 @@ -Shibboleth Implementation Team + Current Development Team - Documentation + Scott Cantor + The Ohio State University - Nate Klingenstein - Internet2 - ndk@internet2.edu + Brent Putman + Georgetown University + + Rod Widdowson + Steading System Software LLP - Design and Programming + Ian Young + Independent - Derek Atkins - IHTFP Consulting, Inc - derek@ihtfp.com + Tom Zeller + Dragonacea, LLC + + Project Management - Scott Cantor - The Ohio State University - cantor.2@osu.edu + Nicole Harris + JISC Advance + + Emeritus Developers + + Derek Atkins Jim Fox - University of Washington - fox@washington.edu Walter Hoehn - The University of Memphis - wassa@memphis.edu Chad LaJoie - Itumi, LLC. - lajoie@itumi.biz Derek Morr - Penn State University - dvm105@psu.edu Will Norris - will@willnorris.com - - Brent Putman - Georgetown University - putmanb@georgetown.edu - - Rod Widdowson - Steading Software, Inc. - rdw@steadingsoftware.com - - Project Management - - RL "Bob" Morgan - University of Washington - rlmorgan@washington.edu + + Emeritus Contributors Steven Carmody Brown University - Steven_Carmody@brown.edu + + Marlena Erdos Ken Klingenstein Internet2 - kjk@internet2.edu + Nate Klingenstein + Internet2 + + RL "Bob" Morgan + University of Washington + http://shibboleth.net/community/news/20120717.html -Thanks to: + Many others! + +Additional thanks to: Internet2 @@ -68,14 +63,14 @@ Barbara Jenson (CMU), Parviz Dousti (CMU), Tom Dopirak (CMU), and Sridhar Muppidi (IBM/Tivoli); for helping to develop - the initial shibboleth prototype + the initial Shibboleth prototype Brian Pittman (WebAssign), Mark Earnest (PSU), James Shvarts (Columbia), Ryan Muldoon (Wisconsin), John Hopkins (PSU), Noah Levitt (Columbia), and David Walker (UCOP); for much help with testing Dave Dearman (NRCC), for contributing a SQL Data Connector for the AA - resolver + resolver back in the 1.x release Noah Levitt (Columbia), for simplifying the logging configuration. @@ -88,3 +83,7 @@ Shibboleth versions Kaspar Brand for assisting in the development of CRL-related functionality + + The community at large for helping with end user support, particularly + Peter Schober, Paul Hethmon, Kevin Foote, Russell Beall, and Christopher + Bongaarts diff -Nru shibboleth-sp2-2.4.3+dfsg/doc/Makefile.am shibboleth-sp2-2.5.2+dfsg/doc/Makefile.am --- shibboleth-sp2-2.4.3+dfsg/doc/Makefile.am 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/doc/Makefile.am 2012-07-23 20:08:29.000000000 +0000 @@ -1,6 +1,7 @@ AUTOMAKE_OPTIONS = foreign -pkgdocdir = $(datadir)/doc/@PACKAGE@-@PACKAGE_VERSION@ +pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@-@PACKAGE_VERSION@ +pkgwebdir = $(datadir)/@PACKAGE_NAME@ install-data-hook: if test -d api ; then \ @@ -16,10 +17,12 @@ RELEASE.txt \ FASTCGI.LICENSE \ OPENSSL.LICENSE \ - LOG4CPP.LICENSE \ - main.css \ - logo.jpg - + LOG4CPP.LICENSE + +webfiles = main.css + pkgdoc_DATA = $(docfiles) -EXTRA_DIST = $(docfiles) api +pkgweb_DATA = $(webfiles) + +EXTRA_DIST = $(docfiles) $(webfiles) api diff -Nru shibboleth-sp2-2.4.3+dfsg/doc/Makefile.in shibboleth-sp2-2.5.2+dfsg/doc/Makefile.in --- shibboleth-sp2-2.4.3+dfsg/doc/Makefile.in 2011-06-28 01:29:27.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/doc/Makefile.in 2013-06-16 22:06:20.000000000 +0000 @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. +# Makefile.in generated by automake 1.12.6 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,6 +15,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -38,10 +54,11 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ - $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/doxygen.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/boost.m4 \ + $(top_srcdir)/m4/doxygen.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -51,6 +68,11 @@ CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ @@ -72,8 +94,14 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__installdirs = "$(DESTDIR)$(pkgdocdir)" -DATA = $(pkgdoc_DATA) +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(pkgdocdir)" "$(DESTDIR)$(pkgwebdir)" +DATA = $(pkgdoc_DATA) $(pkgweb_DATA) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -86,6 +114,9 @@ APXS22 = @APXS22@ APXS22_CFLAGS = @APXS22_CFLAGS@ APXS22_INCLUDE = @APXS22_INCLUDE@ +APXS24 = @APXS24@ +APXS24_CFLAGS = @APXS24_CFLAGS@ +APXS24_INCLUDE = @APXS24_INCLUDE@ APXS2_CFLAGS = @APXS2_CFLAGS@ APXS2_INCLUDE = @APXS2_INCLUDE@ APXS_CFLAGS = @APXS_CFLAGS@ @@ -95,6 +126,8 @@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BOOST_CPPFLAGS = @BOOST_CPPFLAGS@ +BOOST_ROOT = @BOOST_ROOT@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ @@ -107,6 +140,7 @@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DISTCHECK_CONFIGURE_FLAGS = @DISTCHECK_CONFIGURE_FLAGS@ DLLTOOL = @DLLTOOL@ DOXYGEN_PAPER_SIZE = @DOXYGEN_PAPER_SIZE@ DSYMUTIL = @DSYMUTIL@ @@ -254,7 +288,8 @@ top_srcdir = @top_srcdir@ xs = @xs@ AUTOMAKE_OPTIONS = foreign -pkgdocdir = $(datadir)/doc/@PACKAGE@-@PACKAGE_VERSION@ +pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@-@PACKAGE_VERSION@ +pkgwebdir = $(datadir)/@PACKAGE_NAME@ docfiles = \ CREDITS.txt \ LICENSE.txt \ @@ -263,12 +298,12 @@ RELEASE.txt \ FASTCGI.LICENSE \ OPENSSL.LICENSE \ - LOG4CPP.LICENSE \ - main.css \ - logo.jpg + LOG4CPP.LICENSE +webfiles = main.css pkgdoc_DATA = $(docfiles) -EXTRA_DIST = $(docfiles) api +pkgweb_DATA = $(webfiles) +EXTRA_DIST = $(docfiles) $(webfiles) api all: all-am .SUFFIXES: @@ -310,8 +345,11 @@ -rm -rf .libs _libs install-pkgdocDATA: $(pkgdoc_DATA) @$(NORMAL_INSTALL) - test -z "$(pkgdocdir)" || $(MKDIR_P) "$(DESTDIR)$(pkgdocdir)" @list='$(pkgdoc_DATA)'; test -n "$(pkgdocdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(pkgdocdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(pkgdocdir)" || exit 1; \ + fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ @@ -325,15 +363,36 @@ @$(NORMAL_UNINSTALL) @list='$(pkgdoc_DATA)'; test -n "$(pkgdocdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - test -n "$$files" || exit 0; \ - echo " ( cd '$(DESTDIR)$(pkgdocdir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(pkgdocdir)" && rm -f $$files + dir='$(DESTDIR)$(pkgdocdir)'; $(am__uninstall_files_from_dir) +install-pkgwebDATA: $(pkgweb_DATA) + @$(NORMAL_INSTALL) + @list='$(pkgweb_DATA)'; test -n "$(pkgwebdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(pkgwebdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(pkgwebdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgwebdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgwebdir)" || exit $$?; \ + done + +uninstall-pkgwebDATA: + @$(NORMAL_UNINSTALL) + @list='$(pkgweb_DATA)'; test -n "$(pkgwebdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(pkgwebdir)'; $(am__uninstall_files_from_dir) tags: TAGS TAGS: ctags: CTAGS CTAGS: +cscope cscopelist: + distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ @@ -369,7 +428,7 @@ check: check-am all-am: Makefile $(DATA) installdirs: - for dir in "$(DESTDIR)$(pkgdocdir)"; do \ + for dir in "$(DESTDIR)$(pkgdocdir)" "$(DESTDIR)$(pkgwebdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -382,10 +441,15 @@ installcheck: installcheck-am install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi mostlyclean-generic: clean-generic: @@ -417,7 +481,7 @@ info-am: -install-data-am: install-pkgdocDATA +install-data-am: install-pkgdocDATA install-pkgwebDATA @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-dvi: install-dvi-am @@ -462,7 +526,7 @@ ps-am: -uninstall-am: uninstall-pkgdocDATA +uninstall-am: uninstall-pkgdocDATA uninstall-pkgwebDATA .MAKE: install-am install-data-am install-strip @@ -472,11 +536,12 @@ install-data install-data-am install-data-hook install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pkgdocDATA install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ - ps ps-am uninstall uninstall-am uninstall-pkgdocDATA + install-pdf install-pdf-am install-pkgdocDATA \ + install-pkgwebDATA install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am \ + uninstall-pkgdocDATA uninstall-pkgwebDATA install-data-hook: diff -Nru shibboleth-sp2-2.4.3+dfsg/doc/README.txt shibboleth-sp2-2.5.2+dfsg/doc/README.txt --- shibboleth-sp2-2.4.3+dfsg/doc/README.txt 2011-06-28 01:22:41.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/doc/README.txt 2012-08-06 23:30:04.000000000 +0000 @@ -1,24 +1,22 @@ -Welcome to Internet2's Shibboleth - Shibboleth is a federated web authentication and attribute exchange system -based on SAML developed by Internet2 and MACE. +based on SAML, originally developed by Internet2 and now a product of the +Shibboleth Consortium. Please review the terms described in the LICENSE.txt file before using this -code. It is now the Apache 2.0 license. +code. It is the standard Apache 2.0 license. A wealth of information about Shibboleth can be found at -http://shibboleth.internet2.edu/ +http://shibboleth.net/ Shibboleth is divided into identity and service provider components, with the -IdP in Java and the SP in C and C++. +IdP in Java and the SP (this software) in C++. Source and binary distributions are available from -http://www.shibboleth.net/downloads/ +http://shibboleth.net/downloads/ -SVN is available for anonymous access, as described at the Shibboleth +The source is available in Subversion, as described in the Shibboleth site. Mailing lists and a bug database (https://issues.shibboleth.net/) are -also available. Not all of the lists are open, but a general support list is -available and is open. +also available. -For basic information on building from source, installing binaries, and deploying +For basic information on building from source, using binaries, and deploying Shibboleth, refer to the web site and Wiki for the latest documentation. diff -Nru shibboleth-sp2-2.4.3+dfsg/doc/RELEASE.txt shibboleth-sp2-2.5.2+dfsg/doc/RELEASE.txt --- shibboleth-sp2-2.4.3+dfsg/doc/RELEASE.txt 2011-06-28 01:23:31.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/doc/RELEASE.txt 2012-12-10 02:39:03.000000000 +0000 @@ -1,10 +1,14 @@ -Release Notes +Shibboleth Native SP Release Notes -Shibboleth Native SP - -Fix/enhancement lists: +Fix/Enhancement Lists: https://wiki.shibboleth.net/confluence/display/DEV/SPRoadmap +Important Changes: +https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPConfigurationChanges + +Feature Highlights: +https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPInterestingFeatures + NOTE: The shibboleth2.xml configuration format in this release is fully compatible with the 2.x releases, but there are significant new options available to simplify the majority of configurations. @@ -76,6 +80,7 @@ - General Security - Black/whitelisting of XML security algorithms (with xml-security 1.6+) - RSA and ECDSA signatures (EC requires xml-security 1.6+ and support from openssl) + - AES-GCM encryption (requires xml-security 1.7+ and support from openssl) - Metadata-based algorithm selection - Attributes @@ -120,7 +125,8 @@ - Support on Apache for preserving URL-encoded form data across SSO - Apache module enhancements - - "OR" coexistence with other authorization modules + - Apache 2.4 support including authz + - "OR" coexistence with other authz modules on older Apache - htaccess-based override of any valid RequestMap property - htaccess support for external access control plugins Binary files /tmp/ROs8NskggH/shibboleth-sp2-2.4.3+dfsg/doc/logo.jpg and /tmp/Tcm2I6XoQ3/shibboleth-sp2-2.5.2+dfsg/doc/logo.jpg differ diff -Nru shibboleth-sp2-2.4.3+dfsg/doc/main.css shibboleth-sp2-2.5.2+dfsg/doc/main.css --- shibboleth-sp2-2.4.3+dfsg/doc/main.css 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/doc/main.css 2012-07-23 20:08:29.000000000 +0000 @@ -29,11 +29,25 @@ font-weight: bold; } +img { + margin-bottom: 15px; +} + .error { font-size: 10pt; font-weight: bold; } -img { - margin-bottom: 15px; -} \ No newline at end of file +.boxed-content { + margin-top: 2ex; + margin-right: 3em; + margin-bottom: 2ex; + margin-left: 3em; + padding-top: 0.5ex; + padding-right: 1em; + padding-bottom: 0.5ex; + padding-left: 1em; + border-width: 1px; + border-style: solid; + border-color: #999999; +} diff -Nru shibboleth-sp2-2.4.3+dfsg/doxygen.am shibboleth-sp2-2.5.2+dfsg/doxygen.am --- shibboleth-sp2-2.4.3+dfsg/doxygen.am 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/doxygen.am 2012-07-23 20:08:29.000000000 +0000 @@ -54,7 +54,7 @@ if DX_COND_chi -DX_CLEAN_CHI = @DX_DOCDIR@/@PACKAGE@.chi +DX_CLEAN_CHI = @DX_DOCDIR@/@PACKAGE_NAME@.chi endif DX_COND_chi @@ -96,13 +96,13 @@ if DX_COND_ps -DX_CLEAN_PS = @DX_DOCDIR@/@PACKAGE@.ps +DX_CLEAN_PS = @DX_DOCDIR@/@PACKAGE_NAME@.ps DX_PS_GOAL = doxygen-ps -doxygen-ps: @DX_DOCDIR@/@PACKAGE@.ps +doxygen-ps: @DX_DOCDIR@/@PACKAGE_NAME@.ps -@DX_DOCDIR@/@PACKAGE@.ps: @DX_DOCDIR@/@PACKAGE@.tag +@DX_DOCDIR@/@PACKAGE_NAME@.ps: @DX_DOCDIR@/@PACKAGE_NAME@.tag cd @DX_DOCDIR@/latex; \ rm -f *.aux *.toc *.idx *.ind *.ilg *.log *.out; \ $(DX_LATEX) refman.tex; \ @@ -115,7 +115,7 @@ $(DX_LATEX) refman.tex; \ countdown=`expr $$countdown - 1`; \ done; \ - $(DX_DVIPS) -o ../@PACKAGE@.ps refman.dvi + $(DX_DVIPS) -o ../@PACKAGE_NAME@.ps refman.dvi endif DX_COND_ps @@ -125,13 +125,13 @@ if DX_COND_pdf -DX_CLEAN_PDF = @DX_DOCDIR@/@PACKAGE@.pdf +DX_CLEAN_PDF = @DX_DOCDIR@/@PACKAGE_NAME@.pdf DX_PDF_GOAL = doxygen-pdf -doxygen-pdf: @DX_DOCDIR@/@PACKAGE@.pdf +doxygen-pdf: @DX_DOCDIR@/@PACKAGE_NAME@.pdf -@DX_DOCDIR@/@PACKAGE@.pdf: @DX_DOCDIR@/@PACKAGE@.tag +@DX_DOCDIR@/@PACKAGE_NAME@.pdf: @DX_DOCDIR@/@PACKAGE_NAME@.tag cd @DX_DOCDIR@/latex; \ rm -f *.aux *.toc *.idx *.ind *.ilg *.log *.out; \ $(DX_PDFLATEX) refman.tex; \ @@ -144,7 +144,7 @@ $(DX_PDFLATEX) refman.tex; \ countdown=`expr $$countdown - 1`; \ done; \ - mv refman.pdf ../@PACKAGE@.pdf + mv refman.pdf ../@PACKAGE_NAME@.pdf endif DX_COND_pdf @@ -162,16 +162,16 @@ .INTERMEDIATE: doxygen-run $(DX_PS_GOAL) $(DX_PDF_GOAL) -doxygen-run: @DX_DOCDIR@/@PACKAGE@.tag +doxygen-run: @DX_DOCDIR@/@PACKAGE_NAME@.tag doxygen-doc: doxygen-run $(DX_PS_GOAL) $(DX_PDF_GOAL) -@DX_DOCDIR@/@PACKAGE@.tag: $(DX_CONFIG) $(pkginclude_HEADERS) +@DX_DOCDIR@/@PACKAGE_NAME@.tag: $(DX_CONFIG) $(pkginclude_HEADERS) rm -rf @DX_DOCDIR@ $(DX_ENV) DX_INCLUDE=$(DX_INCLUDE) $(DX_DOXYGEN) $(srcdir)/$(DX_CONFIG) DX_CLEANFILES = \ - @DX_DOCDIR@/@PACKAGE@.tag \ + @DX_DOCDIR@/@PACKAGE_NAME@.tag \ -r \ $(DX_CLEAN_HTML) \ $(DX_CLEAN_CHM) \ diff -Nru shibboleth-sp2-2.4.3+dfsg/fastcgi/Makefile.am shibboleth-sp2-2.5.2+dfsg/fastcgi/Makefile.am --- shibboleth-sp2-2.4.3+dfsg/fastcgi/Makefile.am 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/fastcgi/Makefile.am 2013-06-16 19:43:47.000000000 +0000 @@ -2,18 +2,18 @@ if BUILD_FASTCGI -fastcgidir = $(libdir)/@PACKAGE@ +fastcgidir = $(libdir)/@PACKAGE_NAME@ fastcgi_PROGRAMS = shibauthorizer shibresponder shibauthorizer_SOURCES = shibauthorizer.cpp -shibauthorizer_CXXFLAGS = -I$(FASTCGI_INCLUDE) +shibauthorizer_CXXFLAGS = $(FASTCGI_INCLUDE) shibauthorizer_LDFLAGS = $(FASTCGI_LDFLAGS) shibauthorizer_LDADD = $(FASTCGI_LIBS) \ $(top_builddir)/shibsp/libshibsp-lite.la shibresponder_SOURCES = shibresponder.cpp -shibresponder_CXXFLAGS = -I$(FASTCGI_INCLUDE) +shibresponder_CXXFLAGS = $(FASTCGI_INCLUDE) shibresponder_LDFLAGS = $(FASTCGI_LDFLAGS) shibresponder_LDADD = $(FASTCGI_LIBS) \ $(top_builddir)/shibsp/libshibsp-lite.la diff -Nru shibboleth-sp2-2.4.3+dfsg/fastcgi/Makefile.in shibboleth-sp2-2.5.2+dfsg/fastcgi/Makefile.in --- shibboleth-sp2-2.4.3+dfsg/fastcgi/Makefile.in 2011-06-28 01:29:27.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/fastcgi/Makefile.in 2013-06-16 22:06:20.000000000 +0000 @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. +# Makefile.in generated by automake 1.12.6 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,6 +15,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -37,13 +53,15 @@ @BUILD_FASTCGI_TRUE@fastcgi_PROGRAMS = shibauthorizer$(EXEEXT) \ @BUILD_FASTCGI_TRUE@ shibresponder$(EXEEXT) subdir = fastcgi -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ - $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/doxygen.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/boost.m4 \ + $(top_srcdir)/m4/doxygen.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -91,6 +109,11 @@ SOURCES = $(shibauthorizer_SOURCES) $(shibresponder_SOURCES) DIST_SOURCES = $(am__shibauthorizer_SOURCES_DIST) \ $(am__shibresponder_SOURCES_DIST) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -105,6 +128,9 @@ APXS22 = @APXS22@ APXS22_CFLAGS = @APXS22_CFLAGS@ APXS22_INCLUDE = @APXS22_INCLUDE@ +APXS24 = @APXS24@ +APXS24_CFLAGS = @APXS24_CFLAGS@ +APXS24_INCLUDE = @APXS24_INCLUDE@ APXS2_CFLAGS = @APXS2_CFLAGS@ APXS2_INCLUDE = @APXS2_INCLUDE@ APXS_CFLAGS = @APXS_CFLAGS@ @@ -114,6 +140,8 @@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BOOST_CPPFLAGS = @BOOST_CPPFLAGS@ +BOOST_ROOT = @BOOST_ROOT@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ @@ -126,6 +154,7 @@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DISTCHECK_CONFIGURE_FLAGS = @DISTCHECK_CONFIGURE_FLAGS@ DLLTOOL = @DLLTOOL@ DOXYGEN_PAPER_SIZE = @DOXYGEN_PAPER_SIZE@ DSYMUTIL = @DSYMUTIL@ @@ -273,15 +302,15 @@ top_srcdir = @top_srcdir@ xs = @xs@ AUTOMAKE_OPTIONS = foreign -@BUILD_FASTCGI_TRUE@fastcgidir = $(libdir)/@PACKAGE@ +@BUILD_FASTCGI_TRUE@fastcgidir = $(libdir)/@PACKAGE_NAME@ @BUILD_FASTCGI_TRUE@shibauthorizer_SOURCES = shibauthorizer.cpp -@BUILD_FASTCGI_TRUE@shibauthorizer_CXXFLAGS = -I$(FASTCGI_INCLUDE) +@BUILD_FASTCGI_TRUE@shibauthorizer_CXXFLAGS = $(FASTCGI_INCLUDE) @BUILD_FASTCGI_TRUE@shibauthorizer_LDFLAGS = $(FASTCGI_LDFLAGS) @BUILD_FASTCGI_TRUE@shibauthorizer_LDADD = $(FASTCGI_LIBS) \ @BUILD_FASTCGI_TRUE@ $(top_builddir)/shibsp/libshibsp-lite.la @BUILD_FASTCGI_TRUE@shibresponder_SOURCES = shibresponder.cpp -@BUILD_FASTCGI_TRUE@shibresponder_CXXFLAGS = -I$(FASTCGI_INCLUDE) +@BUILD_FASTCGI_TRUE@shibresponder_CXXFLAGS = $(FASTCGI_INCLUDE) @BUILD_FASTCGI_TRUE@shibresponder_LDFLAGS = $(FASTCGI_LDFLAGS) @BUILD_FASTCGI_TRUE@shibresponder_LDADD = $(FASTCGI_LIBS) \ @BUILD_FASTCGI_TRUE@ $(top_builddir)/shibsp/libshibsp-lite.la @@ -331,8 +360,11 @@ $(am__aclocal_m4_deps): install-fastcgiPROGRAMS: $(fastcgi_PROGRAMS) @$(NORMAL_INSTALL) - test -z "$(fastcgidir)" || $(MKDIR_P) "$(DESTDIR)$(fastcgidir)" @list='$(fastcgi_PROGRAMS)'; test -n "$(fastcgidir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(fastcgidir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(fastcgidir)" || exit 1; \ + fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p || test -f $$p1; \ @@ -372,10 +404,10 @@ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list -shibauthorizer$(EXEEXT): $(shibauthorizer_OBJECTS) $(shibauthorizer_DEPENDENCIES) +shibauthorizer$(EXEEXT): $(shibauthorizer_OBJECTS) $(shibauthorizer_DEPENDENCIES) $(EXTRA_shibauthorizer_DEPENDENCIES) @rm -f shibauthorizer$(EXEEXT) $(shibauthorizer_LINK) $(shibauthorizer_OBJECTS) $(shibauthorizer_LDADD) $(LIBS) -shibresponder$(EXEEXT): $(shibresponder_OBJECTS) $(shibresponder_DEPENDENCIES) +shibresponder$(EXEEXT): $(shibresponder_OBJECTS) $(shibresponder_DEPENDENCIES) $(EXTRA_shibresponder_DEPENDENCIES) @rm -f shibresponder$(EXEEXT) $(shibresponder_LINK) $(shibresponder_OBJECTS) $(shibresponder_LDADD) $(LIBS) @@ -492,6 +524,20 @@ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -542,10 +588,15 @@ installcheck: installcheck-am install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi mostlyclean-generic: clean-generic: @@ -631,8 +682,8 @@ .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean \ - clean-fastcgiPROGRAMS clean-generic clean-libtool ctags \ - distclean distclean-compile distclean-generic \ + clean-fastcgiPROGRAMS clean-generic clean-libtool cscopelist \ + ctags distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ diff -Nru shibboleth-sp2-2.4.3+dfsg/fastcgi/shibauthorizer.cpp shibboleth-sp2-2.5.2+dfsg/fastcgi/shibauthorizer.cpp --- shibboleth-sp2-2.4.3+dfsg/fastcgi/shibauthorizer.cpp 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/fastcgi/shibauthorizer.cpp 2012-07-23 20:08:22.000000000 +0000 @@ -239,8 +239,8 @@ string hdr=string("Status: 302 Please Wait\r\nLocation: ") + url + "\r\n" "Content-Type: text/html\r\n" "Content-Length: 40\r\n" - "Expires: 01-Jan-1997 12:00:00 GMT\r\n" - "Cache-Control: private,no-store,no-cache\r\n"; + "Expires: Wed, 01 Jan 1997 12:00:00 GMT\r\n" + "Cache-Control: private,no-store,no-cache,max-age=0\r\n"; for (multimap::const_iterator i=m_response_headers.begin(); i!=m_response_headers.end(); ++i) hdr += i->first + ": " + i->second + "\r\n"; hdr += "\r\n"; diff -Nru shibboleth-sp2-2.4.3+dfsg/fastcgi/shibauthorizer.rc shibboleth-sp2-2.5.2+dfsg/fastcgi/shibauthorizer.rc --- shibboleth-sp2-2.4.3+dfsg/fastcgi/shibauthorizer.rc 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/fastcgi/shibauthorizer.rc 2013-05-19 23:35:08.000000000 +0000 @@ -1,109 +1,109 @@ -//Microsoft Developer Studio generated resource script. -// -#include "resource.h" - -#define APSTUDIO_READONLY_SYMBOLS -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 2 resource. -// -#include "afxres.h" - -///////////////////////////////////////////////////////////////////////////// -#undef APSTUDIO_READONLY_SYMBOLS - -///////////////////////////////////////////////////////////////////////////// -// English (U.S.) resources - -#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) -#ifdef _WIN32 -LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US -#pragma code_page(1252) -#endif //_WIN32 - -#ifndef _MAC -///////////////////////////////////////////////////////////////////////////// -// -// Version -// - -VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,4,3,0 - PRODUCTVERSION 2,4,3,0 - FILEFLAGSMASK 0x3fL -#ifdef _DEBUG - FILEFLAGS 0x1L -#else - FILEFLAGS 0x0L -#endif - FILEOS 0x40004L - FILETYPE 0x2L - FILESUBTYPE 0x0L -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904b0" - BEGIN - VALUE "Comments", "\0" - VALUE "CompanyName", "UCAID\0" - VALUE "FileDescription", "Shibboleth FastCGI Authorizer\0" - VALUE "FileVersion", "2, 4, 3, 0\0" - VALUE "InternalName", "shibauthorizer\0" - VALUE "LegalCopyright", "Copyright © 2011 UCAID\0" - VALUE "LegalTrademarks", "\0" - VALUE "OriginalFilename", "shibauthorizer.exe\0" - VALUE "PrivateBuild", "\0" - VALUE "ProductName", "Shibboleth 2.4.3\0" - VALUE "ProductVersion", "2, 4, 3, 0\0" - VALUE "SpecialBuild", "\0" - END - END - BLOCK "VarFileInfo" - BEGIN - VALUE "Translation", 0x409, 1200 - END -END - -#endif // !_MAC - - -#ifdef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// TEXTINCLUDE -// - -1 TEXTINCLUDE DISCARDABLE -BEGIN - "resource.h\0" -END - -2 TEXTINCLUDE DISCARDABLE -BEGIN - "#include ""afxres.h""\r\n" - "\0" -END - -3 TEXTINCLUDE DISCARDABLE -BEGIN - "\r\n" - "\0" -END - -#endif // APSTUDIO_INVOKED - -#endif // English (U.S.) resources -///////////////////////////////////////////////////////////////////////////// - - - -#ifndef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 3 resource. -// - - -///////////////////////////////////////////////////////////////////////////// -#endif // not APSTUDIO_INVOKED - +//Microsoft Developer Studio generated resource script. +// +#include "resource.h" + +#define APSTUDIO_READONLY_SYMBOLS +///////////////////////////////////////////////////////////////////////////// +// +// Generated from the TEXTINCLUDE 2 resource. +// +#include "afxres.h" + +///////////////////////////////////////////////////////////////////////////// +#undef APSTUDIO_READONLY_SYMBOLS + +///////////////////////////////////////////////////////////////////////////// +// English (U.S.) resources + +#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) +#ifdef _WIN32 +LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US +#pragma code_page(1252) +#endif //_WIN32 + +#ifndef _MAC +///////////////////////////////////////////////////////////////////////////// +// +// Version +// + +VS_VERSION_INFO VERSIONINFO + FILEVERSION 2,5,2,0 + PRODUCTVERSION 2,5,2,0 + FILEFLAGSMASK 0x3fL +#ifdef _DEBUG + FILEFLAGS 0x1L +#else + FILEFLAGS 0x0L +#endif + FILEOS 0x40004L + FILETYPE 0x2L + FILESUBTYPE 0x0L +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904b0" + BEGIN + VALUE "Comments", "\0" + VALUE "CompanyName", "Shibboleth Consortium\0" + VALUE "FileDescription", "Shibboleth FastCGI Authorizer\0" + VALUE "FileVersion", "2, 5, 2, 0\0" + VALUE "InternalName", "shibauthorizer\0" + VALUE "LegalCopyright", "Copyright © 2013 UCAID\0" + VALUE "LegalTrademarks", "\0" + VALUE "OriginalFilename", "shibauthorizer.exe\0" + VALUE "PrivateBuild", "\0" + VALUE "ProductName", "Shibboleth 2.5.2\0" + VALUE "ProductVersion", "2, 5, 2, 0\0" + VALUE "SpecialBuild", "\0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 1200 + END +END + +#endif // !_MAC + + +#ifdef APSTUDIO_INVOKED +///////////////////////////////////////////////////////////////////////////// +// +// TEXTINCLUDE +// + +1 TEXTINCLUDE DISCARDABLE +BEGIN + "resource.h\0" +END + +2 TEXTINCLUDE DISCARDABLE +BEGIN + "#include ""afxres.h""\r\n" + "\0" +END + +3 TEXTINCLUDE DISCARDABLE +BEGIN + "\r\n" + "\0" +END + +#endif // APSTUDIO_INVOKED + +#endif // English (U.S.) resources +///////////////////////////////////////////////////////////////////////////// + + + +#ifndef APSTUDIO_INVOKED +///////////////////////////////////////////////////////////////////////////// +// +// Generated from the TEXTINCLUDE 3 resource. +// + + +///////////////////////////////////////////////////////////////////////////// +#endif // not APSTUDIO_INVOKED + diff -Nru shibboleth-sp2-2.4.3+dfsg/fastcgi/shibauthorizer.vcxproj shibboleth-sp2-2.5.2+dfsg/fastcgi/shibauthorizer.vcxproj --- shibboleth-sp2-2.4.3+dfsg/fastcgi/shibauthorizer.vcxproj 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/fastcgi/shibauthorizer.vcxproj 2013-05-23 16:57:05.000000000 +0000 @@ -1,4 +1,4 @@ - + @@ -60,15 +60,16 @@ + + + <_ProjectFileVersion>10.0.30319.1 - $(SolutionDir)$(Configuration)\ $(ProjectName)-$(Configuration)\ false $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(ProjectName)-$(Configuration)\ false - $(SolutionDir)$(Configuration)\ $(ProjectName)-$(Configuration)\ true $(SolutionDir)$(Platform)\$(Configuration)\ @@ -226,4 +227,4 @@ - \ No newline at end of file + diff -Nru shibboleth-sp2-2.4.3+dfsg/fastcgi/shibresponder.cpp shibboleth-sp2-2.5.2+dfsg/fastcgi/shibresponder.cpp --- shibboleth-sp2-2.4.3+dfsg/fastcgi/shibresponder.cpp 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/fastcgi/shibresponder.cpp 2012-12-04 04:49:49.000000000 +0000 @@ -192,8 +192,8 @@ string hdr=string("Status: 302 Please Wait\r\nLocation: ") + url + "\r\n" "Content-Type: text/html\r\n" "Content-Length: 40\r\n" - "Expires: 01-Jan-1997 12:00:00 GMT\r\n" - "Cache-Control: private,no-store,no-cache\r\n"; + "Expires: Wed, 01 Jan 1997 12:00:00 GMT\r\n" + "Cache-Control: private,no-store,no-cache,max-age=0\r\n"; for (multimap::const_iterator i=m_headers.begin(); i!=m_headers.end(); ++i) hdr += i->first + ": " + i->second + "\r\n"; hdr += "\r\n"; @@ -248,10 +248,11 @@ if (clen > STDIN_MAX) clen = STDIN_MAX; - *content = new char[clen]; + *content = new char[clen + 1]; cin.read(*content, clen); clen = cin.gcount(); + (*content)[clen] = 0; } else { // *never* read stdin when CONTENT_LENGTH is missing or unparsable @@ -343,8 +344,9 @@ // Although FastCGI supports writing before reading, // many http clients (browsers) don't support it (so // the connection deadlocks until a timeout expires!). - char* content; + char* content = nullptr; gstdin(&request, &content); + auto_arrayptr wrapper(content); try { xmltooling::NDC ndc("FastCGI shibresponder"); @@ -384,8 +386,6 @@ print_error("FastCGI Shibboleth responder caught an exception, check log for details."); } - delete[] content; - // If the output streambufs had non-zero bufsizes and // were constructed outside of the accept loop (i.e. // their destructor won't be called here), they would diff -Nru shibboleth-sp2-2.4.3+dfsg/fastcgi/shibresponder.rc shibboleth-sp2-2.5.2+dfsg/fastcgi/shibresponder.rc --- shibboleth-sp2-2.4.3+dfsg/fastcgi/shibresponder.rc 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/fastcgi/shibresponder.rc 2013-05-19 23:35:08.000000000 +0000 @@ -1,109 +1,109 @@ -//Microsoft Developer Studio generated resource script. -// -#include "resource.h" - -#define APSTUDIO_READONLY_SYMBOLS -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 2 resource. -// -#include "afxres.h" - -///////////////////////////////////////////////////////////////////////////// -#undef APSTUDIO_READONLY_SYMBOLS - -///////////////////////////////////////////////////////////////////////////// -// English (U.S.) resources - -#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) -#ifdef _WIN32 -LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US -#pragma code_page(1252) -#endif //_WIN32 - -#ifndef _MAC -///////////////////////////////////////////////////////////////////////////// -// -// Version -// - -VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,4,3,0 - PRODUCTVERSION 2,4,3,0 - FILEFLAGSMASK 0x3fL -#ifdef _DEBUG - FILEFLAGS 0x1L -#else - FILEFLAGS 0x0L -#endif - FILEOS 0x40004L - FILETYPE 0x2L - FILESUBTYPE 0x0L -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904b0" - BEGIN - VALUE "Comments", "\0" - VALUE "CompanyName", "UCAID\0" - VALUE "FileDescription", "Shibboleth FastCGI Responder\0" - VALUE "FileVersion", "2, 4, 3, 0\0" - VALUE "InternalName", "shibresponder\0" - VALUE "LegalCopyright", "Copyright © 2011 UCAID\0" - VALUE "LegalTrademarks", "\0" - VALUE "OriginalFilename", "shibresponder.exe\0" - VALUE "PrivateBuild", "\0" - VALUE "ProductName", "Shibboleth 2.4.3\0" - VALUE "ProductVersion", "2, 4, 3, 0\0" - VALUE "SpecialBuild", "\0" - END - END - BLOCK "VarFileInfo" - BEGIN - VALUE "Translation", 0x409, 1200 - END -END - -#endif // !_MAC - - -#ifdef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// TEXTINCLUDE -// - -1 TEXTINCLUDE DISCARDABLE -BEGIN - "resource.h\0" -END - -2 TEXTINCLUDE DISCARDABLE -BEGIN - "#include ""afxres.h""\r\n" - "\0" -END - -3 TEXTINCLUDE DISCARDABLE -BEGIN - "\r\n" - "\0" -END - -#endif // APSTUDIO_INVOKED - -#endif // English (U.S.) resources -///////////////////////////////////////////////////////////////////////////// - - - -#ifndef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 3 resource. -// - - -///////////////////////////////////////////////////////////////////////////// -#endif // not APSTUDIO_INVOKED - +//Microsoft Developer Studio generated resource script. +// +#include "resource.h" + +#define APSTUDIO_READONLY_SYMBOLS +///////////////////////////////////////////////////////////////////////////// +// +// Generated from the TEXTINCLUDE 2 resource. +// +#include "afxres.h" + +///////////////////////////////////////////////////////////////////////////// +#undef APSTUDIO_READONLY_SYMBOLS + +///////////////////////////////////////////////////////////////////////////// +// English (U.S.) resources + +#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) +#ifdef _WIN32 +LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US +#pragma code_page(1252) +#endif //_WIN32 + +#ifndef _MAC +///////////////////////////////////////////////////////////////////////////// +// +// Version +// + +VS_VERSION_INFO VERSIONINFO + FILEVERSION 2,5,2,0 + PRODUCTVERSION 2,5,2,0 + FILEFLAGSMASK 0x3fL +#ifdef _DEBUG + FILEFLAGS 0x1L +#else + FILEFLAGS 0x0L +#endif + FILEOS 0x40004L + FILETYPE 0x2L + FILESUBTYPE 0x0L +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904b0" + BEGIN + VALUE "Comments", "\0" + VALUE "CompanyName", "Shibboleth Consortium\0" + VALUE "FileDescription", "Shibboleth FastCGI Responder\0" + VALUE "FileVersion", "2, 5, 2, 0\0" + VALUE "InternalName", "shibresponder\0" + VALUE "LegalCopyright", "Copyright © 2013 UCAID\0" + VALUE "LegalTrademarks", "\0" + VALUE "OriginalFilename", "shibresponder.exe\0" + VALUE "PrivateBuild", "\0" + VALUE "ProductName", "Shibboleth 2.5.2\0" + VALUE "ProductVersion", "2, 5, 2, 0\0" + VALUE "SpecialBuild", "\0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 1200 + END +END + +#endif // !_MAC + + +#ifdef APSTUDIO_INVOKED +///////////////////////////////////////////////////////////////////////////// +// +// TEXTINCLUDE +// + +1 TEXTINCLUDE DISCARDABLE +BEGIN + "resource.h\0" +END + +2 TEXTINCLUDE DISCARDABLE +BEGIN + "#include ""afxres.h""\r\n" + "\0" +END + +3 TEXTINCLUDE DISCARDABLE +BEGIN + "\r\n" + "\0" +END + +#endif // APSTUDIO_INVOKED + +#endif // English (U.S.) resources +///////////////////////////////////////////////////////////////////////////// + + + +#ifndef APSTUDIO_INVOKED +///////////////////////////////////////////////////////////////////////////// +// +// Generated from the TEXTINCLUDE 3 resource. +// + + +///////////////////////////////////////////////////////////////////////////// +#endif // not APSTUDIO_INVOKED + diff -Nru shibboleth-sp2-2.4.3+dfsg/fastcgi/shibresponder.vcxproj shibboleth-sp2-2.5.2+dfsg/fastcgi/shibresponder.vcxproj --- shibboleth-sp2-2.4.3+dfsg/fastcgi/shibresponder.vcxproj 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/fastcgi/shibresponder.vcxproj 2013-05-23 16:57:05.000000000 +0000 @@ -1,4 +1,4 @@ - + @@ -61,15 +61,16 @@ + + + <_ProjectFileVersion>10.0.30319.1 - $(SolutionDir)$(Configuration)\ $(ProjectName)-$(Configuration)\ false $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(ProjectName)-$(Configuration)\ false - $(SolutionDir)$(Configuration)\ $(ProjectName)-$(Configuration)\ true $(SolutionDir)$(Platform)\$(Configuration)\ @@ -227,4 +228,4 @@ - \ No newline at end of file + diff -Nru shibboleth-sp2-2.4.3+dfsg/isapi_shib/isapi_shib.cpp shibboleth-sp2-2.5.2+dfsg/isapi_shib/isapi_shib.cpp --- shibboleth-sp2-2.4.3+dfsg/isapi_shib/isapi_shib.cpp 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/isapi_shib/isapi_shib.cpp 2012-07-23 20:08:29.000000000 +0000 @@ -37,10 +37,10 @@ #include #include -#include #include #include #include +#include #include #include #include @@ -56,6 +56,7 @@ using namespace shibsp; using namespace xmltooling; using namespace xercesc; +using namespace boost; using namespace std; // globals @@ -72,19 +73,15 @@ struct site_t { site_t(const DOMElement* e) + : m_name(XMLHelper::getAttrString(e, "", name)), + m_scheme(XMLHelper::getAttrString(e, "", scheme)), + m_port(XMLHelper::getAttrString(e, "", port)), + m_sslport(XMLHelper::getAttrString(e, "", sslport)) { - auto_ptr_char n(e->getAttributeNS(nullptr,name)); - auto_ptr_char s(e->getAttributeNS(nullptr,scheme)); - auto_ptr_char p(e->getAttributeNS(nullptr,port)); - auto_ptr_char p2(e->getAttributeNS(nullptr,sslport)); - if (n.get()) m_name=n.get(); - if (s.get()) m_scheme=s.get(); - if (p.get()) m_port=p.get(); - if (p2.get()) m_sslport=p2.get(); e = XMLHelper::getFirstChildElement(e, Alias); while (e) { if (e->hasChildNodes()) { - auto_ptr_char alias(e->getFirstChild()->getNodeValue()); + auto_ptr_char alias(e->getTextContent()); m_aliases.insert(alias.get()); } e = XMLHelper::getNextSiblingElement(e, Alias); @@ -132,8 +129,8 @@ extern "C" __declspec(dllexport) BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID) { - if (fdwReason==DLL_PROCESS_ATTACH) - g_hinstDLL=hinstDLL; + if (fdwReason == DLL_PROCESS_ATTACH) + g_hinstDLL = hinstDLL; return TRUE; } @@ -148,7 +145,7 @@ return FALSE; } - pVer->dwExtensionVersion=HSE_VERSION; + pVer->dwExtensionVersion = HSE_VERSION; strncpy(pVer->lpszExtensionDesc,"Shibboleth ISAPI Extension",HSE_MAX_EXT_DLL_NAME_LEN-1); return TRUE; } @@ -168,7 +165,7 @@ return TRUE; } - g_Config=&SPConfig::getConfig(); + g_Config = &SPConfig::getConfig(); g_Config->setFeatures( SPConfig::Listener | SPConfig::Caching | @@ -178,7 +175,7 @@ SPConfig::Handlers ); if (!g_Config->init()) { - g_Config=nullptr; + g_Config = nullptr; LogEvent(nullptr, EVENTLOG_ERROR_TYPE, 2100, nullptr, "Filter startup failed during library initialization, check native log for help."); return FALSE; @@ -188,7 +185,7 @@ if (!g_Config->instantiate(nullptr, true)) throw runtime_error("unknown error"); } - catch (exception& ex) { + catch (std::exception& ex) { g_Config->term(); g_Config=nullptr; LogEvent(nullptr, EVENTLOG_ERROR_TYPE, 2100, nullptr, ex.what()); @@ -198,16 +195,16 @@ } // Access implementation-specifics and site mappings. - ServiceProvider* sp=g_Config->getServiceProvider(); + ServiceProvider* sp = g_Config->getServiceProvider(); Locker locker(sp); - const PropertySet* props=sp->getPropertySet("InProcess"); + const PropertySet* props = sp->getPropertySet("InProcess"); if (props) { - pair flag=props->getBool("checkSpoofing"); + pair flag = props->getBool("checkSpoofing"); g_checkSpoofing = !flag.first || flag.second; - flag=props->getBool("catchAll"); + flag = props->getBool("catchAll"); g_catchAll = flag.first && flag.second; - pair unsetValue=props->getString("unsetHeaderValue"); + pair unsetValue = props->getString("unsetHeaderValue"); if (unsetValue.first) g_unsetHeaderValue = unsetValue.second; if (g_checkSpoofing) { @@ -219,9 +216,8 @@ unsigned int randkey=0,randkey2=0,randkey3=0,randkey4=0; if (rand_s(&randkey) == 0 && rand_s(&randkey2) == 0 && rand_s(&randkey3) == 0 && rand_s(&randkey4) == 0) { _set_invalid_parameter_handler(old); - ostringstream keystr; - keystr << randkey << randkey2 << randkey3 << randkey4; - g_spoofKey = keystr.str(); + g_spoofKey = lexical_cast(randkey) + lexical_cast(randkey2) + + lexical_cast(randkey3) + lexical_cast(randkey4); } else { _set_invalid_parameter_handler(old); @@ -229,7 +225,7 @@ "Filter failed to generate a random anti-spoofing key (if this is Windows 2000 set one manually)."); locker.assign(); // pops lock on SP config g_Config->term(); - g_Config=nullptr; + g_Config = nullptr; return FALSE; } } @@ -241,18 +237,18 @@ g_bNormalizeRequest = !flag.first || flag.second; flag = props->getBool("safeHeaderNames"); g_bSafeHeaderNames = flag.first && flag.second; - const DOMElement* child = XMLHelper::getFirstChildElement(props->getElement(),Site); + const DOMElement* child = XMLHelper::getFirstChildElement(props->getElement(), Site); while (child) { - auto_ptr_char id(child->getAttributeNS(nullptr,id)); - if (id.get()) - g_Sites.insert(pair(id.get(),site_t(child))); - child=XMLHelper::getNextSiblingElement(child,Site); + string id(XMLHelper::getAttrString(child, "", id)); + if (!id.empty()) + g_Sites.insert(make_pair(id, site_t(child))); + child = XMLHelper::getNextSiblingElement(child, Site); } } } - pVer->dwFilterVersion=HTTP_FILTER_REVISION; - strncpy(pVer->lpszFilterDesc,"Shibboleth ISAPI Filter",SF_MAX_FILTER_DESC_LEN); + pVer->dwFilterVersion = HTTP_FILTER_REVISION; + strncpy(pVer->lpszFilterDesc, "Shibboleth ISAPI Filter", SF_MAX_FILTER_DESC_LEN); pVer->dwFlags=(SF_NOTIFY_ORDER_HIGH | SF_NOTIFY_SECURE_PORT | SF_NOTIFY_NONSECURE_PORT | @@ -321,61 +317,6 @@ return strcmp(bufptr,s)==0; } -void GetServerVariable(PHTTP_FILTER_CONTEXT pfc, LPSTR lpszVariable, dynabuf& s, DWORD size=80, bool bRequired=true) -{ - s.reserve(size); - s.erase(); - size=s.size(); - - while (!pfc->GetServerVariable(pfc,lpszVariable,s,&size)) { - // Grumble. Check the error. - DWORD e=GetLastError(); - if (e==ERROR_INSUFFICIENT_BUFFER) - s.reserve(size); - else - break; - } - if (bRequired && s.empty()) - throw ERROR_NO_DATA; -} - -void GetServerVariable(LPEXTENSION_CONTROL_BLOCK lpECB, LPSTR lpszVariable, dynabuf& s, DWORD size=80, bool bRequired=true) -{ - s.reserve(size); - s.erase(); - size=s.size(); - - while (!lpECB->GetServerVariable(lpECB->ConnID,lpszVariable,s,&size)) { - // Grumble. Check the error. - DWORD e=GetLastError(); - if (e==ERROR_INSUFFICIENT_BUFFER) - s.reserve(size); - else - break; - } - if (bRequired && s.empty()) - throw ERROR_NO_DATA; -} - -void GetHeader(PHTTP_FILTER_PREPROC_HEADERS pn, PHTTP_FILTER_CONTEXT pfc, - LPSTR lpszName, dynabuf& s, DWORD size=80, bool bRequired=true) -{ - s.reserve(size); - s.erase(); - size=s.size(); - - while (!pn->GetHeader(pfc,lpszName,s,&size)) { - // Grumble. Check the error. - DWORD e=GetLastError(); - if (e==ERROR_INSUFFICIENT_BUFFER) - s.reserve(size); - else - break; - } - if (bRequired && s.empty()) - throw ERROR_NO_DATA; -} - /****************************************************************************/ // ISAPI Filter @@ -396,13 +337,18 @@ // URL path always come from IIS. dynabuf var(256); - GetHeader(pn,pfc,"url",var,256,false); + GetHeader("url",var,256,false); setRequestURI(var); // Port may come from IIS or from site def. if (!g_bNormalizeRequest || (pfc->fIsSecurePort && site.m_sslport.empty()) || (!pfc->fIsSecurePort && site.m_port.empty())) { - GetServerVariable(pfc,"SERVER_PORT",var,10); - m_port = atoi(var); + GetServerVariable("SERVER_PORT",var,10); + if (var.empty()) { + m_port = pfc->fIsSecurePort ? 443 : 80; + } + else { + m_port = atoi(var); + } } else if (pfc->fIsSecurePort) { m_port = atoi(site.m_sslport.c_str()); @@ -416,15 +362,20 @@ if (m_scheme.empty() || !g_bNormalizeRequest) m_scheme=pfc->fIsSecurePort ? "https" : "http"; - GetServerVariable(pfc,"SERVER_NAME",var,32); + GetServerVariable("SERVER_NAME",var,32); - // Make sure SERVER_NAME is "authorized" for use on this site. If not, set to canonical name. - m_hostname = var; - if (site.m_name!=m_hostname && site.m_aliases.find(m_hostname)==site.m_aliases.end()) - m_hostname=site.m_name; + // Make sure SERVER_NAME is "authorized" for use on this site. If not, or empty, set to canonical name. + if (var.empty()) { + m_hostname = site.m_name; + } + else { + m_hostname = var; + if (site.m_name != m_hostname && site.m_aliases.find(m_hostname) == site.m_aliases.end()) + m_hostname = site.m_name; + } if (!g_spoofKey.empty()) { - GetHeader(pn, pfc, "ShibSpoofCheck:", var, 32, false); + GetHeader("ShibSpoofCheck:", var, 32, false); if (!var.empty() && g_spoofKey == (char*)var) m_firsttime = false; } @@ -451,7 +402,7 @@ const char* getMethod() const { if (m_method.empty()) { dynabuf var(5); - GetServerVariable(m_pfc,"HTTP_METHOD",var,5,false); + GetServerVariable("HTTP_METHOD",var,5,false); if (!var.empty()) m_method = var; } @@ -460,7 +411,7 @@ string getContentType() const { if (m_content_type.empty()) { dynabuf var(32); - GetServerVariable(m_pfc,"HTTP_CONTENT_TYPE",var,32,false); + GetServerVariable("HTTP_CONTENT_TYPE",var,32,false); if (!var.empty()) m_content_type = var; } @@ -470,13 +421,13 @@ m_remote_addr = AbstractSPRequest::getRemoteAddr(); if (m_remote_addr.empty()) { dynabuf var(16); - GetServerVariable(m_pfc,"REMOTE_ADDR",var,16,false); + GetServerVariable("REMOTE_ADDR",var,16,false); if (!var.empty()) m_remote_addr = var; } return m_remote_addr; } - void log(SPLogLevel level, const string& msg) { + void log(SPLogLevel level, const string& msg) const { AbstractSPRequest::log(level,msg); if (level >= SPCrit) LogEvent(nullptr, EVENTLOG_ERROR_TYPE, 2100, nullptr, msg.c_str()); @@ -492,10 +443,12 @@ void clearHeader(const char* rawname, const char* cginame) { if (g_checkSpoofing && m_firsttime) { if (m_allhttp.empty()) - GetServerVariable(m_pfc, "ALL_HTTP", m_allhttp, 4096); - string hdr = g_bSafeHeaderNames ? ("HTTP_" + makeSafeHeader(cginame + 5)) : (string(cginame) + ':'); - if (strstr(m_allhttp, hdr.c_str())) - throw opensaml::SecurityPolicyException("Attempt to spoof header ($1) was detected.", params(1, hdr.c_str())); + GetServerVariable( "ALL_HTTP", m_allhttp, 4096, false); + if (!m_allhttp.empty()) { + string hdr = g_bSafeHeaderNames ? ("HTTP_" + makeSafeHeader(cginame + 5)) : (string(cginame) + ':'); + if (strstr(m_allhttp, hdr.c_str())) + throw opensaml::SecurityPolicyException("Attempt to spoof header ($1) was detected.", params(1, hdr.c_str())); + } } if (g_bSafeHeaderNames) { string hdr = makeSafeHeader(rawname); @@ -517,14 +470,14 @@ string getSecureHeader(const char* name) const { string hdr = g_bSafeHeaderNames ? makeSafeHeader(name) : (string(name) + ':'); dynabuf buf(256); - GetHeader(m_pn, m_pfc, const_cast(hdr.c_str()), buf, 256, false); + GetHeader(const_cast(hdr.c_str()), buf, 256, false); return string(buf.empty() ? "" : buf); } string getHeader(const char* name) const { string hdr(name); hdr += ':'; dynabuf buf(256); - GetHeader(m_pn, m_pfc, const_cast(hdr.c_str()), buf, 256, false); + GetHeader(const_cast(hdr.c_str()), buf, 256, false); return string(buf.empty() ? "" : buf); } void setRemoteUser(const char* user) { @@ -547,7 +500,7 @@ } long sendResponse(istream& in, long status) { string hdr = string("Connection: close\r\n"); - for (multimap::const_iterator i=m_headers.begin(); i!=m_headers.end(); ++i) + for (multimap::const_iterator i = m_headers.begin(); i != m_headers.end(); ++i) hdr += i->first + ": " + i->second + "\r\n"; hdr += "\r\n"; const char* codestr="200 OK"; @@ -558,7 +511,7 @@ case XMLTOOLING_HTTP_STATUS_NOTFOUND: codestr="404 Not Found"; break; case XMLTOOLING_HTTP_STATUS_ERROR: codestr="500 Server Error"; break; } - m_pfc->ServerSupportFunction(m_pfc, SF_REQ_SEND_RESPONSE_HEADER, (void*)codestr, (DWORD)hdr.c_str(), 0); + m_pfc->ServerSupportFunction(m_pfc, SF_REQ_SEND_RESPONSE_HEADER, (void*)codestr, (ULONG_PTR)hdr.c_str(), 0); char buf[1024]; while (in) { in.read(buf,1024); @@ -572,12 +525,12 @@ string hdr=string("Location: ") + url + "\r\n" "Content-Type: text/html\r\n" "Content-Length: 40\r\n" - "Expires: 01-Jan-1997 12:00:00 GMT\r\n" - "Cache-Control: private,no-store,no-cache\r\n"; - for (multimap::const_iterator i=m_headers.begin(); i!=m_headers.end(); ++i) + "Expires: Wed, 01 Jan 1997 12:00:00 GMT\r\n" + "Cache-Control: private,no-store,no-cache,max-age=0\r\n"; + for (multimap::const_iterator i = m_headers.begin(); i != m_headers.end(); ++i) hdr += i->first + ": " + i->second + "\r\n"; hdr += "\r\n"; - m_pfc->ServerSupportFunction(m_pfc, SF_REQ_SEND_RESPONSE_HEADER, "302 Please Wait", (DWORD)hdr.c_str(), 0); + m_pfc->ServerSupportFunction(m_pfc, SF_REQ_SEND_RESPONSE_HEADER, "302 Please Wait", (ULONG_PTR)hdr.c_str(), 0); static const char* redmsg="Redirecting..."; DWORD resplen=40; m_pfc->WriteClient(m_pfc, (LPVOID)redmsg, &resplen, 0); @@ -597,13 +550,47 @@ // The filter never processes the POST, so stub these methods. long getContentLength() const { throw IOException("The request's Content-Length is not available to an ISAPI filter."); } const char* getRequestBody() const { throw IOException("The request body is not available to an ISAPI filter."); } + + void GetServerVariable(LPSTR lpszVariable, dynabuf& s, DWORD size=80, bool bRequired=true) const { + s.reserve(size); + s.erase(); + size=s.size(); + + while (!m_pfc->GetServerVariable(m_pfc,lpszVariable,s,&size)) { + // Grumble. Check the error. + DWORD e = GetLastError(); + if (e == ERROR_INSUFFICIENT_BUFFER) + s.reserve(size); + else + break; + } + if (bRequired && s.empty()) + log(SPRequest::SPError, string("missing required server variable: ") + lpszVariable); + } + + void GetHeader(LPSTR lpszName, dynabuf& s, DWORD size=80, bool bRequired=true) const { + s.reserve(size); + s.erase(); + size=s.size(); + + while (!m_pn->GetHeader(m_pfc,lpszName,s,&size)) { + // Grumble. Check the error. + DWORD e = GetLastError(); + if (e == ERROR_INSUFFICIENT_BUFFER) + s.reserve(size); + else + break; + } + if (bRequired && s.empty()) + log(SPRequest::SPError, string("missing required header: ") + lpszName); + } }; DWORD WriteClientError(PHTTP_FILTER_CONTEXT pfc, const char* msg) { LogEvent(nullptr, EVENTLOG_ERROR_TYPE, 2100, nullptr, msg); static const char* ctype="Connection: close\r\nContent-Type: text/html\r\n\r\n"; - pfc->ServerSupportFunction(pfc,SF_REQ_SEND_RESPONSE_HEADER,"200 OK",(DWORD)ctype,0); + pfc->ServerSupportFunction(pfc,SF_REQ_SEND_RESPONSE_HEADER,"200 OK",(ULONG_PTR)ctype,0); static const char* xmsg="Shibboleth Filter Error" "

Shibboleth Filter Error

"; DWORD resplen=strlen(xmsg); @@ -616,40 +603,60 @@ return SF_STATUS_REQ_FINISHED; } +void GetServerVariable(PHTTP_FILTER_CONTEXT pfc, LPSTR lpszVariable, dynabuf& s, DWORD size=80, bool bRequired=true) +{ + s.reserve(size); + s.erase(); + size=s.size(); + + while (!pfc->GetServerVariable(pfc,lpszVariable,s,&size)) { + // Grumble. Check the error. + DWORD e=GetLastError(); + if (e==ERROR_INSUFFICIENT_BUFFER) + s.reserve(size); + else + break; + } + if (bRequired && s.empty()) { + string msg = string("Missing required server variable: ") + lpszVariable; + LogEvent(nullptr, EVENTLOG_ERROR_TYPE, 2100, nullptr, msg.c_str()); + } +} + + extern "C" DWORD WINAPI HttpFilterProc(PHTTP_FILTER_CONTEXT pfc, DWORD notificationType, LPVOID pvNotification) { // Is this a log notification? - if (notificationType==SF_NOTIFY_LOG) { + if (notificationType == SF_NOTIFY_LOG) { if (pfc->pFilterContext) - ((PHTTP_FILTER_LOG)pvNotification)->pszClientUserName=reinterpret_cast(pfc->pFilterContext); + ((PHTTP_FILTER_LOG)pvNotification)->pszClientUserName = reinterpret_cast(pfc->pFilterContext); return SF_STATUS_REQ_NEXT_NOTIFICATION; } PHTTP_FILTER_PREPROC_HEADERS pn=(PHTTP_FILTER_PREPROC_HEADERS)pvNotification; - try - { + try { // Determine web site number. This can't really fail, I don't think. dynabuf buf(128); GetServerVariable(pfc,"INSTANCE_ID",buf,10); + if (buf.empty()) + return WriteClientError(pfc, "Shibboleth Filter failed to obtain INSTANCE_ID server variable."); // Match site instance to host name, skip if no match. - map::const_iterator map_i=g_Sites.find(static_cast(buf)); - if (map_i==g_Sites.end()) + map::const_iterator map_i = g_Sites.find(static_cast(buf)); + if (map_i == g_Sites.end()) return SF_STATUS_REQ_NEXT_NOTIFICATION; - ostringstream threadid; - threadid << "[" << getpid() << "] isapi_shib" << '\0'; - xmltooling::NDC ndc(threadid.str().c_str()); + string threadid("["); + threadid += lexical_cast(getpid()) + "] isapi_shib"; + xmltooling::NDC ndc(threadid.c_str()); ShibTargetIsapiF stf(pfc, pn, map_i->second); - // "false" because we don't override the Shib settings pair res = stf.getServiceProvider().doAuthentication(stf); if (!g_spoofKey.empty()) pn->SetHeader(pfc, "ShibSpoofCheck:", const_cast(g_spoofKey.c_str())); if (res.first) return res.second; - // "false" because we don't override the Shib settings res = stf.getServiceProvider().doExport(stf); if (res.first) return res.second; @@ -659,26 +666,26 @@ return SF_STATUS_REQ_NEXT_NOTIFICATION; } catch(bad_alloc) { - return WriteClientError(pfc,"Out of Memory"); + return WriteClientError(pfc, "Out of Memory"); } catch(long e) { if (e==ERROR_NO_DATA) - return WriteClientError(pfc,"A required variable or header was empty."); + return WriteClientError(pfc, "A required variable or header was empty."); else - return WriteClientError(pfc,"Shibboleth Filter detected unexpected IIS error."); + return WriteClientError(pfc, "Shibboleth Filter detected unexpected IIS error."); } - catch (exception& e) { + catch (std::exception& e) { LogEvent(nullptr, EVENTLOG_ERROR_TYPE, 2100, nullptr, e.what()); - return WriteClientError(pfc,"Shibboleth Filter caught an exception, check Event Log for details."); + return WriteClientError(pfc, "Shibboleth Filter caught an exception, check Event Log for details."); } catch(...) { LogEvent(nullptr, EVENTLOG_ERROR_TYPE, 2100, nullptr, "Shibboleth Filter threw an unknown exception."); if (g_catchAll) - return WriteClientError(pfc,"Shibboleth Filter threw an unknown exception."); + return WriteClientError(pfc, "Shibboleth Filter threw an unknown exception."); throw; } - return WriteClientError(pfc,"Shibboleth Filter reached unreachable code, save my walrus!"); + return WriteClientError(pfc, "Shibboleth Filter reached unreachable code, save my walrus!"); } @@ -717,39 +724,47 @@ ShibTargetIsapiE(LPEXTENSION_CONTROL_BLOCK lpECB, const site_t& site) : AbstractSPRequest(SHIBSP_LOGCAT".ISAPI"), m_lpECB(lpECB), m_gotBody(false) { dynabuf ssl(5); - GetServerVariable(lpECB,"HTTPS",ssl,5); + GetServerVariable("HTTPS",ssl,5); bool SSL=(ssl=="on" || ssl=="ON"); // Scheme may come from site def or be derived from IIS. - m_scheme=site.m_scheme; + m_scheme = site.m_scheme; if (m_scheme.empty() || !g_bNormalizeRequest) m_scheme = SSL ? "https" : "http"; // URL path always come from IIS. dynabuf url(256); - GetServerVariable(lpECB,"URL",url,255); + GetServerVariable("URL",url,255); // Port may come from IIS or from site def. - dynabuf port(11); - if (!g_bNormalizeRequest || (SSL && site.m_sslport.empty()) || (!SSL && site.m_port.empty())) - GetServerVariable(lpECB,"SERVER_PORT",port,10); + if (!g_bNormalizeRequest || (SSL && site.m_sslport.empty()) || (!SSL && site.m_port.empty())) { + dynabuf port(11); + GetServerVariable("SERVER_PORT",port,10); + if (port.empty()) { + m_port = SSL ? 443 : 80; + } + else { + m_port = atoi(port); + } + } else if (SSL) { - strncpy(port,site.m_sslport.c_str(),10); - static_cast(port)[10]=0; + m_port = atoi(site.m_sslport.c_str()); } else { - strncpy(port,site.m_port.c_str(),10); - static_cast(port)[10]=0; + m_port = atoi(site.m_port.c_str()); } - m_port = atoi(port); dynabuf var(32); - GetServerVariable(lpECB, "SERVER_NAME", var, 32); - - // Make sure SERVER_NAME is "authorized" for use on this site. If not, set to canonical name. - m_hostname=var; - if (site.m_name!=m_hostname && site.m_aliases.find(m_hostname)==site.m_aliases.end()) - m_hostname=site.m_name; + GetServerVariable("SERVER_NAME", var, 32); + if (var.empty()) { + m_hostname = site.m_name; + } + else { + // Make sure SERVER_NAME is "authorized" for use on this site. If not, set to canonical name. + m_hostname=var; + if (site.m_name != m_hostname && site.m_aliases.find(m_hostname) == site.m_aliases.end()) + m_hostname = site.m_name; + } /* * IIS screws us over on PATH_INFO (the hits keep on coming). We need to figure out if @@ -776,11 +791,12 @@ // Pretty good chance we're in bad mode, unless the PathInfo repeats the path itself. uri = lpECB->lpszPathInfo; else { - uri = url; + if (!url.empty()) + uri = url; uri += lpECB->lpszPathInfo; } } - else { + else if (!url.empty()) { uri = url; } @@ -792,7 +808,7 @@ setRequestURI(uri.c_str()); } - ~ShibTargetIsapiE() { } + ~ShibTargetIsapiE() {} const char* getScheme() const { return m_scheme.c_str(); @@ -815,7 +831,7 @@ string getRemoteUser() const { if (m_remote_user.empty()) { dynabuf var(16); - GetServerVariable(m_lpECB, "REMOTE_USER", var, 32, false); + GetServerVariable("REMOTE_USER", var, 32, false); if (!var.empty()) m_remote_user = var; } @@ -825,7 +841,7 @@ m_remote_addr = AbstractSPRequest::getRemoteAddr(); if (m_remote_addr.empty()) { dynabuf var(16); - GetServerVariable(m_lpECB, "REMOTE_ADDR", var, 16, false); + GetServerVariable("REMOTE_ADDR", var, 16, false); if (!var.empty()) m_remote_addr = var; } @@ -839,13 +855,13 @@ string getHeader(const char* name) const { string hdr("HTTP_"); for (; *name; ++name) { - if (*name=='-') + if (*name == '-') hdr += '_'; else hdr += toupper(*name); } dynabuf buf(128); - GetServerVariable(m_lpECB, const_cast(hdr.c_str()), buf, 128, false); + GetServerVariable(const_cast(hdr.c_str()), buf, 128, false); return buf.empty() ? "" : buf; } void setResponseHeader(const char* name, const char* value) { @@ -894,7 +910,7 @@ } long sendResponse(istream& in, long status) { string hdr = string("Connection: close\r\n"); - for (multimap::const_iterator i=m_headers.begin(); i!=m_headers.end(); ++i) + for (multimap::const_iterator i = m_headers.begin(); i != m_headers.end(); ++i) hdr += i->first + ": " + i->second + "\r\n"; hdr += "\r\n"; const char* codestr="200 OK"; @@ -919,9 +935,9 @@ string hdr=string("Location: ") + url + "\r\n" "Content-Type: text/html\r\n" "Content-Length: 40\r\n" - "Expires: 01-Jan-1997 12:00:00 GMT\r\n" - "Cache-Control: private,no-store,no-cache\r\n"; - for (multimap::const_iterator i=m_headers.begin(); i!=m_headers.end(); ++i) + "Expires: Wed, 01 Jan 1997 12:00:00 GMT\r\n" + "Cache-Control: private,no-store,no-cache,max-age=0\r\n"; + for (multimap::const_iterator i = m_headers.begin(); i != m_headers.end(); ++i) hdr += i->first + ": " + i->second + "\r\n"; hdr += "\r\n"; m_lpECB->ServerSupportFunction(m_lpECB->ConnID, HSE_REQ_SEND_RESPONSE_HEADER, "302 Moved", 0, (LPDWORD)hdr.c_str()); @@ -930,7 +946,7 @@ m_lpECB->WriteClient(m_lpECB->ConnID, (LPVOID)redmsg, &resplen, HSE_IO_SYNC); return HSE_STATUS_SUCCESS; } - // Decline happens in the POST processor if this isn't the shire url + // Decline happens in the POST processor if this isn't the handler url // Note that it can also happen with HTAccess, but we don't support that, yet. long returnDecline() { return WriteClientError( @@ -971,22 +987,61 @@ void clearHeader(const char* rawname, const char* cginame) { throw runtime_error("clearHeader not implemented"); } void setHeader(const char* name, const char* value) { throw runtime_error("setHeader not implemented"); } void setRemoteUser(const char* user) { throw runtime_error("setRemoteUser not implemented"); } + + void GetServerVariable(LPSTR lpszVariable, dynabuf& s, DWORD size=80, bool bRequired=true) const { + s.reserve(size); + s.erase(); + size=s.size(); + + while (!m_lpECB->GetServerVariable(m_lpECB->ConnID,lpszVariable,s,&size)) { + // Grumble. Check the error. + DWORD e=GetLastError(); + if (e==ERROR_INSUFFICIENT_BUFFER) + s.reserve(size); + else + break; + } + if (bRequired && s.empty()) + log(SPRequest::SPError, string("missing required server variable: ") + lpszVariable); + } }; +void GetServerVariable(LPEXTENSION_CONTROL_BLOCK lpECB, LPSTR lpszVariable, dynabuf& s, DWORD size=80, bool bRequired=true) +{ + s.reserve(size); + s.erase(); + size=s.size(); + + while (!lpECB->GetServerVariable(lpECB->ConnID,lpszVariable,s,&size)) { + // Grumble. Check the error. + DWORD e=GetLastError(); + if (e==ERROR_INSUFFICIENT_BUFFER) + s.reserve(size); + else + break; + } + if (bRequired && s.empty()) { + string msg = string("Missing required server variable: ") + lpszVariable; + LogEvent(nullptr, EVENTLOG_ERROR_TYPE, 2100, nullptr, msg.c_str()); + } +} + extern "C" DWORD WINAPI HttpExtensionProc(LPEXTENSION_CONTROL_BLOCK lpECB) { try { - ostringstream threadid; - threadid << "[" << getpid() << "] isapi_shib_extension" << '\0'; - xmltooling::NDC ndc(threadid.str().c_str()); + string threadid("["); + threadid += lexical_cast(getpid()) + "] isapi_shib_extension"; + xmltooling::NDC ndc(threadid.c_str()); // Determine web site number. This can't really fail, I don't think. dynabuf buf(128); GetServerVariable(lpECB,"INSTANCE_ID",buf,10); + if (buf.empty()) + return WriteClientError(lpECB, "Shibboleth Extension failed to obtain INSTANCE_ID server variable."); // Match site instance to host name, skip if no match. - map::const_iterator map_i=g_Sites.find(static_cast(buf)); - if (map_i==g_Sites.end()) + map::const_iterator map_i = g_Sites.find(static_cast(buf)); + if (map_i == g_Sites.end()) return WriteClientError(lpECB, "Shibboleth Extension not configured for web site (check ISAPI mappings in SP configuration)."); ShibTargetIsapiE ste(lpECB, map_i->second); @@ -997,22 +1052,22 @@ } catch(bad_alloc) { - return WriteClientError(lpECB,"Out of Memory"); + return WriteClientError(lpECB, "Out of Memory"); } catch(long e) { if (e==ERROR_NO_DATA) - return WriteClientError(lpECB,"A required variable or header was empty."); + return WriteClientError(lpECB, "A required variable or header was empty."); else - return WriteClientError(lpECB,"Server detected unexpected IIS error."); + return WriteClientError(lpECB, "Server detected unexpected IIS error."); } - catch (exception& e) { + catch (std::exception& e) { LogEvent(nullptr, EVENTLOG_ERROR_TYPE, 2100, nullptr, e.what()); - return WriteClientError(lpECB,"Shibboleth Extension caught an exception, check Event Log for details."); + return WriteClientError(lpECB, "Shibboleth Extension caught an exception, check Event Log for details."); } catch(...) { LogEvent(nullptr, EVENTLOG_ERROR_TYPE, 2100, nullptr, "Shibboleth Extension threw an unknown exception."); if (g_catchAll) - return WriteClientError(lpECB,"Shibboleth Extension threw an unknown exception."); + return WriteClientError(lpECB, "Shibboleth Extension threw an unknown exception."); throw; } diff -Nru shibboleth-sp2-2.4.3+dfsg/isapi_shib/isapi_shib.rc shibboleth-sp2-2.5.2+dfsg/isapi_shib/isapi_shib.rc --- shibboleth-sp2-2.4.3+dfsg/isapi_shib/isapi_shib.rc 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/isapi_shib/isapi_shib.rc 2013-05-19 23:35:08.000000000 +0000 @@ -28,8 +28,8 @@ // VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,4,3,0 - PRODUCTVERSION 2,4,3,0 + FILEVERSION 2,5,2,0 + PRODUCTVERSION 2,5,2,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -45,16 +45,16 @@ BLOCK "040904b0" BEGIN VALUE "Comments", "\0" - VALUE "CompanyName", "UCAID\0" + VALUE "CompanyName", "Shibboleth Consortium\0" VALUE "FileDescription", "Shibboleth ISAPI Filter / Extension\0" - VALUE "FileVersion", "2, 4, 3, 0\0" + VALUE "FileVersion", "2, 5, 2, 0\0" VALUE "InternalName", "isapi_shib\0" - VALUE "LegalCopyright", "Copyright © 2011 UCAID\0" + VALUE "LegalCopyright", "Copyright © 2013 UCAID\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "isapi_shib.dll\0" VALUE "PrivateBuild", "\0" - VALUE "ProductName", "Shibboleth 2.4.3\0" - VALUE "ProductVersion", "2, 4, 3, 0\0" + VALUE "ProductName", "Shibboleth 2.5.2\0" + VALUE "ProductVersion", "2, 5, 2, 0\0" VALUE "SpecialBuild", "\0" END END diff -Nru shibboleth-sp2-2.4.3+dfsg/isapi_shib/isapi_shib.vcproj shibboleth-sp2-2.5.2+dfsg/isapi_shib/isapi_shib.vcproj --- shibboleth-sp2-2.4.3+dfsg/isapi_shib/isapi_shib.vcproj 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/isapi_shib/isapi_shib.vcproj 1970-01-01 00:00:00.000000000 +0000 @@ -1,400 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff -Nru shibboleth-sp2-2.4.3+dfsg/isapi_shib/isapi_shib.vcxproj shibboleth-sp2-2.5.2+dfsg/isapi_shib/isapi_shib.vcxproj --- shibboleth-sp2-2.4.3+dfsg/isapi_shib/isapi_shib.vcxproj 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/isapi_shib/isapi_shib.vcxproj 2013-05-23 16:57:05.000000000 +0000 @@ -1,4 +1,4 @@ - + @@ -46,7 +46,7 @@ - + @@ -58,16 +58,15 @@ + + + <_ProjectFileVersion>10.0.30319.1 - $(SolutionDir)$(Configuration)\ - $(Configuration)\ false $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\ false - $(SolutionDir)$(Configuration)\ - $(Configuration)\ true $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\ @@ -237,4 +236,4 @@ - \ No newline at end of file + diff -Nru shibboleth-sp2-2.4.3+dfsg/m4/acinclude.m4 shibboleth-sp2-2.5.2+dfsg/m4/acinclude.m4 --- shibboleth-sp2-2.4.3+dfsg/m4/acinclude.m4 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/m4/acinclude.m4 2012-07-23 20:08:22.000000000 +0000 @@ -44,7 +44,7 @@ dnl based on major, minor, patchlevel versions and date. dnl AC_HAVE_GCC_VERSION(MAJOR_VERSION, MINOR_VERSION, PATCH_LEVEL, dnl SNAPSHOT_DATE [, ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]) -AC_DEFUN(AC_HAVE_GCC_VERSION, +AC_DEFUN([AC_HAVE_GCC_VERSION], [AC_CACHE_CHECK([gcc is at least version $1.$2.$3.$4], ac_cv_gcc_version_$1_$2_$3_$4, [ diff -Nru shibboleth-sp2-2.4.3+dfsg/m4/boost.m4 shibboleth-sp2-2.5.2+dfsg/m4/boost.m4 --- shibboleth-sp2-2.4.3+dfsg/m4/boost.m4 1970-01-01 00:00:00.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/m4/boost.m4 2012-07-23 20:08:22.000000000 +0000 @@ -0,0 +1,1138 @@ +# boost.m4: Locate Boost headers and libraries for autoconf-based projects. +# Copyright (C) 2007, 2008, 2009, 2010, 2011 Benoit Sigoure +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Additional permission under section 7 of the GNU General Public +# License, version 3 ("GPLv3"): +# +# If you convey this file as part of a work that contains a +# configuration script generated by Autoconf, you may do so under +# terms of your choice. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +m4_define([_BOOST_SERIAL], [m4_translit([ +# serial 16 +], [# +], [])]) + +# Original sources can be found at http://github.com/tsuna/boost.m4 +# You can fetch the latest version of the script by doing: +# wget http://github.com/tsuna/boost.m4/raw/master/build-aux/boost.m4 + +# ------ # +# README # +# ------ # + +# This file provides several macros to use the various Boost libraries. +# The first macro is BOOST_REQUIRE. It will simply check if it's possible to +# find the Boost headers of a given (optional) minimum version and it will +# define BOOST_CPPFLAGS accordingly. It will add an option --with-boost to +# your configure so that users can specify non standard locations. +# If the user's environment contains BOOST_ROOT and --with-boost was not +# specified, --with-boost=$BOOST_ROOT is implicitly used. +# For more README and documentation, go to http://github.com/tsuna/boost.m4 +# Note: THESE MACROS ASSUME THAT YOU USE LIBTOOL. If you don't, don't worry, +# simply read the README, it will show you what to do step by step. + +m4_pattern_forbid([^_?(BOOST|Boost)_]) + + +# _BOOST_SED_CPP(SED-PROGRAM, PROGRAM, +# [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +# -------------------------------------------------------- +# Same as AC_EGREP_CPP, but leave the result in conftest.i. +# +# SED-PROGRAM is *not* overquoted, as in AC_EGREP_CPP. It is expanded +# in double-quotes, so escape your double quotes. +# +# It could be useful to turn this into a macro which extracts the +# value of any macro. +m4_define([_BOOST_SED_CPP], +[AC_LANG_PREPROC_REQUIRE()dnl +AC_REQUIRE([AC_PROG_SED])dnl +AC_LANG_CONFTEST([AC_LANG_SOURCE([[$2]])]) +AS_IF([dnl eval is necessary to expand ac_cpp. +dnl Ultrix and Pyramid sh refuse to redirect output of eval, so use subshell. +dnl Beware of Windows end-of-lines, for instance if we are running +dnl some Windows programs under Wine. In that case, boost/version.hpp +dnl is certainly using "\r\n", but the regular Unix shell will only +dnl strip `\n' with backquotes, not the `\r'. This results in +dnl boost_cv_lib_version='1_37\r' for instance, which breaks +dnl everything else. +dnl Cannot use 'dnl' after [$4] because a trailing dnl may break AC_CACHE_CHECK +(eval "$ac_cpp conftest.$ac_ext") 2>&AS_MESSAGE_LOG_FD | + tr -d '\r' | + $SED -n -e "$1" >conftest.i 2>&1], + [$3], + [$4]) +rm -rf conftest* +])# AC_EGREP_CPP + + + +# BOOST_REQUIRE([VERSION], [ACTION-IF-NOT-FOUND]) +# ----------------------------------------------- +# Look for Boost. If version is given, it must either be a literal of the form +# "X.Y.Z" where X, Y and Z are integers (the ".Z" part being optional) or a +# variable "$var". +# Defines the value BOOST_CPPFLAGS. This macro only checks for headers with +# the required version, it does not check for any of the Boost libraries. +# On # success, defines HAVE_BOOST. On failure, calls the optional +# ACTION-IF-NOT-FOUND action if one was supplied. +# Otherwise aborts with an error message. +AC_DEFUN([BOOST_REQUIRE], +[AC_REQUIRE([AC_PROG_CXX])dnl +AC_REQUIRE([AC_PROG_GREP])dnl +echo "$as_me: this is boost.m4[]_BOOST_SERIAL" >&AS_MESSAGE_LOG_FD +boost_save_IFS=$IFS +boost_version_req=$1 +IFS=. +set x $boost_version_req 0 0 0 +IFS=$boost_save_IFS +shift +boost_version_req=`expr "$[1]" '*' 100000 + "$[2]" '*' 100 + "$[3]"` +boost_version_req_string=$[1].$[2].$[3] +AC_ARG_WITH([boost], + [AS_HELP_STRING([--with-boost=DIR], + [prefix of Boost $1 @<:@guess@:>@])])dnl +AC_ARG_VAR([BOOST_ROOT],[Location of Boost installation])dnl +# If BOOST_ROOT is set and the user has not provided a value to +# --with-boost, then treat BOOST_ROOT as if it the user supplied it. +if test x"$BOOST_ROOT" != x; then + if test x"$with_boost" = x; then + AC_MSG_NOTICE([Detected BOOST_ROOT; continuing with --with-boost=$BOOST_ROOT]) + with_boost=$BOOST_ROOT + else + AC_MSG_NOTICE([Detected BOOST_ROOT=$BOOST_ROOT, but overridden by --with-boost=$with_boost]) + fi +fi +AC_SUBST([DISTCHECK_CONFIGURE_FLAGS], + ["$DISTCHECK_CONFIGURE_FLAGS '--with-boost=$with_boost'"])dnl +boost_save_CPPFLAGS=$CPPFLAGS + AC_CACHE_CHECK([for Boost headers version >= $boost_version_req_string], + [boost_cv_inc_path], + [boost_cv_inc_path=no +AC_LANG_PUSH([C++])dnl +m4_pattern_allow([^BOOST_VERSION$])dnl + AC_LANG_CONFTEST([AC_LANG_PROGRAM([[#include +#if !defined BOOST_VERSION +# error BOOST_VERSION is not defined +#elif BOOST_VERSION < $boost_version_req +# error Boost headers version < $boost_version_req +#endif +]])]) + # If the user provided a value to --with-boost, use it and only it. + case $with_boost in #( + ''|yes) set x '' /opt/local/include /usr/local/include /opt/include \ + /usr/include C:/Boost/include;; #( + *) set x "$with_boost/include" "$with_boost";; + esac + shift + for boost_dir + do + # Without --layout=system, Boost (or at least some versions) installs + # itself in /include/boost-. This inner loop helps to + # find headers in such directories. + # + # Any ${boost_dir}/boost-x_xx directories are searched in reverse version + # order followed by ${boost_dir}. The final '.' is a sentinel for + # searching $boost_dir" itself. Entries are whitespace separated. + # + # I didn't indent this loop on purpose (to avoid over-indented code) + boost_layout_system_search_list=`cd "$boost_dir" 2>/dev/null \ + && ls -1 | "${GREP}" '^boost-' | sort -rn -t- -k2 \ + && echo .` + for boost_inc in $boost_layout_system_search_list + do + if test x"$boost_inc" != x.; then + boost_inc="$boost_dir/$boost_inc" + else + boost_inc="$boost_dir" # Uses sentinel in boost_layout_system_search_list + fi + if test x"$boost_inc" != x; then + # We are going to check whether the version of Boost installed + # in $boost_inc is usable by running a compilation that + # #includes it. But if we pass a -I/some/path in which Boost + # is not installed, the compiler will just skip this -I and + # use other locations (either from CPPFLAGS, or from its list + # of system include directories). As a result we would use + # header installed on the machine instead of the /some/path + # specified by the user. So in that precise case (trying + # $boost_inc), make sure the version.hpp exists. + # + # Use test -e as there can be symlinks. + test -e "$boost_inc/boost/version.hpp" || continue + CPPFLAGS="$CPPFLAGS -I$boost_inc" + fi + AC_COMPILE_IFELSE([], [boost_cv_inc_path=yes], [boost_cv_version=no]) + if test x"$boost_cv_inc_path" = xyes; then + if test x"$boost_inc" != x; then + boost_cv_inc_path=$boost_inc + fi + break 2 + fi + done + done +AC_LANG_POP([C++])dnl + ]) + case $boost_cv_inc_path in #( + no) + boost_errmsg="cannot find Boost headers version >= $boost_version_req_string" + m4_if([$2], [], [AC_MSG_ERROR([$boost_errmsg])], + [AC_MSG_NOTICE([$boost_errmsg])]) + $2 + ;;#( + yes) + BOOST_CPPFLAGS= + ;;#( + *) + AC_SUBST([BOOST_CPPFLAGS], ["-I$boost_cv_inc_path"])dnl + ;; + esac + if test x"$boost_cv_inc_path" != xno; then + AC_DEFINE([HAVE_BOOST], [1], + [Defined if the requested minimum BOOST version is satisfied]) + AC_CACHE_CHECK([for Boost's header version], + [boost_cv_lib_version], + [m4_pattern_allow([^BOOST_LIB_VERSION$])dnl + _BOOST_SED_CPP([/^boost_lib_version = /{s///;s/\"//g;p;q;}], + [#include +boost_lib_version = BOOST_LIB_VERSION], + [boost_cv_lib_version=`cat conftest.i`])]) + # e.g. "134" for 1_34_1 or "135" for 1_35 + boost_major_version=`echo "$boost_cv_lib_version" | $SED 's/_//;s/_.*//;s/ //'` + case $boost_major_version in #( + '' | *[[!0-9]]*) + AC_MSG_ERROR([invalid value: boost_major_version=$boost_major_version]) + ;; + esac +fi +CPPFLAGS=$boost_save_CPPFLAGS +])# BOOST_REQUIRE + +# BOOST_STATIC() +# -------------- +# Add the "--enable-static-boost" configure argument. If this argument is given +# on the command line, static versions of the libraries will be looked up. +AC_DEFUN([BOOST_STATIC], + [AC_ARG_ENABLE([static-boost], + [AC_HELP_STRING([--enable-static-boost], + [Prefer the static boost libraries over the shared ones [no]])], + [enable_static_boost=yes], + [enable_static_boost=no])])# BOOST_STATIC + +# BOOST_FIND_HEADER([HEADER-NAME], [ACTION-IF-NOT-FOUND], [ACTION-IF-FOUND]) +# -------------------------------------------------------------------------- +# Wrapper around AC_CHECK_HEADER for Boost headers. Useful to check for +# some parts of the Boost library which are only made of headers and don't +# require linking (such as Boost.Foreach). +# +# Default ACTION-IF-NOT-FOUND: Fail with a fatal error unless Boost couldn't be +# found in the first place, in which case by default a notice is issued to the +# user. Presumably if we haven't died already it's because it's OK to not have +# Boost, which is why only a notice is issued instead of a hard error. +# +# Default ACTION-IF-FOUND: define the preprocessor symbol HAVE_ in +# case of success # (where HEADER-NAME is written LIKE_THIS, e.g., +# HAVE_BOOST_FOREACH_HPP). +AC_DEFUN([BOOST_FIND_HEADER], +[AC_REQUIRE([BOOST_REQUIRE])dnl +if test x"$boost_cv_inc_path" = xno; then + m4_default([$2], [AC_MSG_NOTICE([Boost not available, not searching for $1])]) +else +AC_LANG_PUSH([C++])dnl +boost_save_CPPFLAGS=$CPPFLAGS +CPPFLAGS="$CPPFLAGS $BOOST_CPPFLAGS" +AC_CHECK_HEADER([$1], + [m4_default([$3], [AC_DEFINE(AS_TR_CPP([HAVE_$1]), [1], + [Define to 1 if you have <$1>])])], + [m4_default([$2], [AC_MSG_ERROR([cannot find $1])])]) +CPPFLAGS=$boost_save_CPPFLAGS +AC_LANG_POP([C++])dnl +fi +])# BOOST_FIND_HEADER + + +# BOOST_FIND_LIB([LIB-NAME], [PREFERRED-RT-OPT], [HEADER-NAME], [CXX-TEST], +# [CXX-PROLOGUE]) +# ------------------------------------------------------------------------- +# Look for the Boost library LIB-NAME (e.g., LIB-NAME = `thread', for +# libboost_thread). Check that HEADER-NAME works and check that +# libboost_LIB-NAME can link with the code CXX-TEST. The optional argument +# CXX-PROLOGUE can be used to include some C++ code before the `main' +# function. +# +# Invokes BOOST_FIND_HEADER([HEADER-NAME]) (see above). +# +# Boost libraries typically come compiled with several flavors (with different +# runtime options) so PREFERRED-RT-OPT is the preferred suffix. A suffix is one +# or more of the following letters: sgdpn (in that order). s = static +# runtime, d = debug build, g = debug/diagnostic runtime, p = STLPort build, +# n = (unsure) STLPort build without iostreams from STLPort (it looks like `n' +# must always be used along with `p'). Additionally, PREFERRED-RT-OPT can +# start with `mt-' to indicate that there is a preference for multi-thread +# builds. Some sample values for PREFERRED-RT-OPT: (nothing), mt, d, mt-d, gdp +# ... If you want to make sure you have a specific version of Boost +# (eg, >= 1.33) you *must* invoke BOOST_REQUIRE before this macro. +AC_DEFUN([BOOST_FIND_LIB], +[AC_REQUIRE([BOOST_REQUIRE])dnl +AC_REQUIRE([_BOOST_FIND_COMPILER_TAG])dnl +AC_REQUIRE([BOOST_STATIC])dnl +AC_REQUIRE([_BOOST_GUESS_WHETHER_TO_USE_MT])dnl +if test x"$boost_cv_inc_path" = xno; then + AC_MSG_NOTICE([Boost not available, not searching for the Boost $1 library]) +else +dnl The else branch is huge and wasn't intended on purpose. +AC_LANG_PUSH([C++])dnl +AS_VAR_PUSHDEF([Boost_lib], [boost_cv_lib_$1])dnl +AS_VAR_PUSHDEF([Boost_lib_LDFLAGS], [boost_cv_lib_$1_LDFLAGS])dnl +AS_VAR_PUSHDEF([Boost_lib_LDPATH], [boost_cv_lib_$1_LDPATH])dnl +AS_VAR_PUSHDEF([Boost_lib_LIBS], [boost_cv_lib_$1_LIBS])dnl +BOOST_FIND_HEADER([$3]) +boost_save_CPPFLAGS=$CPPFLAGS +CPPFLAGS="$CPPFLAGS $BOOST_CPPFLAGS" +# Now let's try to find the library. The algorithm is as follows: first look +# for a given library name according to the user's PREFERRED-RT-OPT. For each +# library name, we prefer to use the ones that carry the tag (toolset name). +# Each library is searched through the various standard paths were Boost is +# usually installed. If we can't find the standard variants, we try to +# enforce -mt (for instance on MacOSX, libboost_threads.dylib doesn't exist +# but there's -obviously- libboost_threads-mt.dylib). +AC_CACHE_CHECK([for the Boost $1 library], [Boost_lib], + [Boost_lib=no + case "$2" in #( + mt | mt-) boost_mt=-mt; boost_rtopt=;; #( + mt* | mt-*) boost_mt=-mt; boost_rtopt=`expr "X$2" : 'Xmt-*\(.*\)'`;; #( + *) boost_mt=; boost_rtopt=$2;; + esac + if test $enable_static_boost = yes; then + boost_rtopt="s$boost_rtopt" + fi + # Find the proper debug variant depending on what we've been asked to find. + case $boost_rtopt in #( + *d*) boost_rt_d=$boost_rtopt;; #( + *[[sgpn]]*) # Insert the `d' at the right place (in between `sg' and `pn') + boost_rt_d=`echo "$boost_rtopt" | sed 's/\(s*g*\)\(p*n*\)/\1\2/'`;; #( + *) boost_rt_d='-d';; + esac + # If the PREFERRED-RT-OPT are not empty, prepend a `-'. + test -n "$boost_rtopt" && boost_rtopt="-$boost_rtopt" + $boost_guess_use_mt && boost_mt=-mt + # Look for the abs path the static archive. + # $libext is computed by Libtool but let's make sure it's non empty. + test -z "$libext" && + AC_MSG_ERROR([the libext variable is empty, did you invoke Libtool?]) + boost_save_ac_objext=$ac_objext + # Generate the test file. + AC_LANG_CONFTEST([AC_LANG_PROGRAM([#include <$3> +$5], [$4])]) +dnl Optimization hacks: compiling C++ is slow, especially with Boost. What +dnl we're trying to do here is guess the right combination of link flags +dnl (LIBS / LDFLAGS) to use a given library. This can take several +dnl iterations before it succeeds and is thus *very* slow. So what we do +dnl instead is that we compile the code first (and thus get an object file, +dnl typically conftest.o). Then we try various combinations of link flags +dnl until we succeed to link conftest.o in an executable. The problem is +dnl that the various TRY_LINK / COMPILE_IFELSE macros of Autoconf always +dnl remove all the temporary files including conftest.o. So the trick here +dnl is to temporarily change the value of ac_objext so that conftest.o is +dnl preserved accross tests. This is obviously fragile and I will burn in +dnl hell for not respecting Autoconf's documented interfaces, but in the +dnl mean time, it optimizes the macro by a factor of 5 to 30. +dnl Another small optimization: the first argument of AC_COMPILE_IFELSE left +dnl empty because the test file is generated only once above (before we +dnl start the for loops). + AC_COMPILE_IFELSE([], + [ac_objext=do_not_rm_me_plz], + [AC_MSG_ERROR([cannot compile a test that uses Boost $1])]) + ac_objext=$boost_save_ac_objext + boost_failed_libs= +# Don't bother to ident the 6 nested for loops, only the 2 innermost ones +# matter. +for boost_tag_ in -$boost_cv_lib_tag ''; do +for boost_ver_ in -$boost_cv_lib_version ''; do +for boost_mt_ in $boost_mt -mt ''; do +for boost_rtopt_ in $boost_rtopt '' -d; do + for boost_lib in \ + boost_$1$boost_tag_$boost_mt_$boost_rtopt_$boost_ver_ \ + boost_$1$boost_tag_$boost_rtopt_$boost_ver_ \ + boost_$1$boost_tag_$boost_mt_$boost_ver_ \ + boost_$1$boost_tag_$boost_ver_ + do + # Avoid testing twice the same lib + case $boost_failed_libs in #( + *@$boost_lib@*) continue;; + esac + # If with_boost is empty, we'll search in /lib first, which is not quite + # right so instead we'll try to a location based on where the headers are. + boost_tmp_lib=$with_boost + test x"$with_boost" = x && boost_tmp_lib=${boost_cv_inc_path%/include} + for boost_ldpath in "$boost_tmp_lib/lib" '' \ + /opt/local/lib* /usr/local/lib* /opt/lib* /usr/lib* \ + "$with_boost" C:/Boost/lib /lib* + do + test -e "$boost_ldpath" || continue + boost_save_LDFLAGS=$LDFLAGS + # Are we looking for a static library? + case $boost_ldpath:$boost_rtopt_ in #( + *?*:*s*) # Yes (Non empty boost_ldpath + s in rt opt) + Boost_lib_LIBS="$boost_ldpath/lib$boost_lib.$libext" + test -e "$Boost_lib_LIBS" || continue;; #( + *) # No: use -lboost_foo to find the shared library. + Boost_lib_LIBS="-l$boost_lib";; + esac + boost_save_LIBS=$LIBS + LIBS="$Boost_lib_LIBS $LIBS" + test x"$boost_ldpath" != x && LDFLAGS="$LDFLAGS -L$boost_ldpath" +dnl First argument of AC_LINK_IFELSE left empty because the test file is +dnl generated only once above (before we start the for loops). + _BOOST_AC_LINK_IFELSE([], + [Boost_lib=yes], [Boost_lib=no]) + ac_objext=$boost_save_ac_objext + LDFLAGS=$boost_save_LDFLAGS + LIBS=$boost_save_LIBS + if test x"$Boost_lib" = xyes; then + Boost_lib_LDFLAGS="-L$boost_ldpath -Wl,-R$boost_ldpath" + Boost_lib_LDPATH="$boost_ldpath" + break 6 + else + boost_failed_libs="$boost_failed_libs@$boost_lib@" + fi + done + done +done +done +done +done +rm -f conftest.$ac_objext +]) +case $Boost_lib in #( + no) _AC_MSG_LOG_CONFTEST + AC_MSG_ERROR([cannot find the flags to link with Boost $1]) + ;; +esac +AC_SUBST(AS_TR_CPP([BOOST_$1_LDFLAGS]), [$Boost_lib_LDFLAGS])dnl +AC_SUBST(AS_TR_CPP([BOOST_$1_LDPATH]), [$Boost_lib_LDPATH])dnl +AC_SUBST([BOOST_LDPATH], [$Boost_lib_LDPATH])dnl +AC_SUBST(AS_TR_CPP([BOOST_$1_LIBS]), [$Boost_lib_LIBS])dnl +CPPFLAGS=$boost_save_CPPFLAGS +AS_VAR_POPDEF([Boost_lib])dnl +AS_VAR_POPDEF([Boost_lib_LDFLAGS])dnl +AS_VAR_POPDEF([Boost_lib_LDPATH])dnl +AS_VAR_POPDEF([Boost_lib_LIBS])dnl +AC_LANG_POP([C++])dnl +fi +])# BOOST_FIND_LIB + + +# --------------------------------------- # +# Checks for the various Boost libraries. # +# --------------------------------------- # + +# List of boost libraries: http://www.boost.org/libs/libraries.htm +# The page http://beta.boost.org/doc/libs is useful: it gives the first release +# version of each library (among other things). + +# BOOST_DEFUN(LIBRARY, CODE) +# -------------------------- +# Define BOOST_ as a macro that runs CODE. +# +# Use indir to avoid the warning on underquoted macro name given to AC_DEFUN. +m4_define([BOOST_DEFUN], +[m4_indir([AC_DEFUN], + m4_toupper([BOOST_$1]), +[m4_pushdef([BOOST_Library], [$1])dnl +$2 +m4_popdef([BOOST_Library])dnl +]) +]) + +# BOOST_ARRAY() +# ------------- +# Look for Boost.Array +BOOST_DEFUN([Array], +[BOOST_FIND_HEADER([boost/array.hpp])]) + + +# BOOST_ASIO() +# ------------ +# Look for Boost.Asio (new in Boost 1.35). +BOOST_DEFUN([Asio], +[AC_REQUIRE([BOOST_SYSTEM])dnl +BOOST_FIND_HEADER([boost/asio.hpp])]) + + +# BOOST_BIND() +# ------------ +# Look for Boost.Bind +BOOST_DEFUN([Bind], +[BOOST_FIND_HEADER([boost/bind.hpp])]) + + +# BOOST_CONVERSION() +# ------------------ +# Look for Boost.Conversion (cast / lexical_cast) +BOOST_DEFUN([Conversion], +[BOOST_FIND_HEADER([boost/cast.hpp]) +BOOST_FIND_HEADER([boost/lexical_cast.hpp]) +])# BOOST_CONVERSION + + +# BOOST_DATE_TIME([PREFERRED-RT-OPT]) +# ----------------------------------- +# Look for Boost.Date_Time. For the documentation of PREFERRED-RT-OPT, see the +# documentation of BOOST_FIND_LIB above. +BOOST_DEFUN([Date_Time], +[BOOST_FIND_LIB([date_time], [$1], + [boost/date_time/posix_time/posix_time.hpp], + [boost::posix_time::ptime t;]) +])# BOOST_DATE_TIME + + +# BOOST_FILESYSTEM([PREFERRED-RT-OPT]) +# ------------------------------------ +# Look for Boost.Filesystem. For the documentation of PREFERRED-RT-OPT, see +# the documentation of BOOST_FIND_LIB above. +# Do not check for boost/filesystem.hpp because this file was introduced in +# 1.34. +BOOST_DEFUN([Filesystem], +[# Do we have to check for Boost.System? This link-time dependency was +# added as of 1.35.0. If we have a version <1.35, we must not attempt to +# find Boost.System as it didn't exist by then. +if test $boost_major_version -ge 135; then +BOOST_SYSTEM([$1]) +fi # end of the Boost.System check. +boost_filesystem_save_LIBS=$LIBS +boost_filesystem_save_LDFLAGS=$LDFLAGS +m4_pattern_allow([^BOOST_SYSTEM_(LIBS|LDFLAGS)$])dnl +LIBS="$LIBS $BOOST_SYSTEM_LIBS" +LDFLAGS="$LDFLAGS $BOOST_SYSTEM_LDFLAGS" +BOOST_FIND_LIB([filesystem], [$1], + [boost/filesystem/path.hpp], [boost::filesystem::path p;]) +if test $enable_static_boost = yes && test $boost_major_version -ge 135; then + AC_SUBST([BOOST_FILESYSTEM_LIBS], ["$BOOST_FILESYSTEM_LIBS $BOOST_SYSTEM_LIBS"]) +fi +LIBS=$boost_filesystem_save_LIBS +LDFLAGS=$boost_filesystem_save_LDFLAGS +])# BOOST_FILESYSTEM + + +# BOOST_FOREACH() +# --------------- +# Look for Boost.Foreach +BOOST_DEFUN([Foreach], +[BOOST_FIND_HEADER([boost/foreach.hpp])]) + + +# BOOST_FORMAT() +# -------------- +# Look for Boost.Format +# Note: we can't check for boost/format/format_fwd.hpp because the header isn't +# standalone. It can't be compiled because it triggers the following error: +# boost/format/detail/config_macros.hpp:88: error: 'locale' in namespace 'std' +# does not name a type +BOOST_DEFUN([Format], +[BOOST_FIND_HEADER([boost/format.hpp])]) + + +# BOOST_FUNCTION() +# ---------------- +# Look for Boost.Function +BOOST_DEFUN([Function], +[BOOST_FIND_HEADER([boost/function.hpp])]) + + +# BOOST_GRAPH([PREFERRED-RT-OPT]) +# ------------------------------- +# Look for Boost.Graphs. For the documentation of PREFERRED-RT-OPT, see the +# documentation of BOOST_FIND_LIB above. +BOOST_DEFUN([Graph], +[BOOST_FIND_LIB([graph], [$1], + [boost/graph/adjacency_list.hpp], [boost::adjacency_list<> g;]) +])# BOOST_GRAPH + + +# BOOST_IOSTREAMS([PREFERRED-RT-OPT]) +# ----------------------------------- +# Look for Boost.IOStreams. For the documentation of PREFERRED-RT-OPT, see the +# documentation of BOOST_FIND_LIB above. +BOOST_DEFUN([IOStreams], +[BOOST_FIND_LIB([iostreams], [$1], + [boost/iostreams/device/file_descriptor.hpp], + [boost::iostreams::file_descriptor fd; fd.close();]) +])# BOOST_IOSTREAMS + + +# BOOST_HASH() +# ------------ +# Look for Boost.Functional/Hash +BOOST_DEFUN([Hash], +[BOOST_FIND_HEADER([boost/functional/hash.hpp])]) + + +# BOOST_LAMBDA() +# -------------- +# Look for Boost.Lambda +BOOST_DEFUN([Lambda], +[BOOST_FIND_HEADER([boost/lambda/lambda.hpp])]) + + +# BOOST_LOG([PREFERRED-RT-OPT]) +# ----------------------------- +# Look for Boost.Log For the documentation of PREFERRED-RT-OPT, see the +# documentation of BOOST_FIND_LIB above. +BOOST_DEFUN([Log], +[BOOST_FIND_LIB([log], [$1], + [boost/log/core/core.hpp], + [boost::log::attribute a; a.get_value();]) +])# BOOST_LOG + + +# BOOST_LOG_SETUP([PREFERRED-RT-OPT]) +# ----------------------------------- +# Look for Boost.Log For the documentation of PREFERRED-RT-OPT, see the +# documentation of BOOST_FIND_LIB above. +BOOST_DEFUN([Log_Setup], +[AC_REQUIRE([BOOST_LOG])dnl +BOOST_FIND_LIB([log_setup], [$1], + [boost/log/utility/init/from_settings.hpp], + [boost::log::basic_settings bs; bs.empty();]) +])# BOOST_LOG_SETUP + + +# BOOST_MATH() +# ------------ +# Look for Boost.Math +# TODO: This library isn't header-only but it comes in multiple different +# flavors that don't play well with BOOST_FIND_LIB (e.g, libboost_math_c99, +# libboost_math_c99f, libboost_math_c99l, libboost_math_tr1, +# libboost_math_tr1f, libboost_math_tr1l). This macro must be fixed to do the +# right thing anyway. +BOOST_DEFUN([Math], +[BOOST_FIND_HEADER([boost/math/special_functions.hpp])]) + + +# BOOST_MULTIARRAY() +# ------------------ +# Look for Boost.MultiArray +BOOST_DEFUN([MultiArray], +[BOOST_FIND_HEADER([boost/multi_array.hpp])]) + + +# BOOST_NUMERIC_CONVERSION() +# -------------------------- +# Look for Boost.NumericConversion (policy-based numeric conversion) +BOOST_DEFUN([Numeric_Conversion], +[BOOST_FIND_HEADER([boost/numeric/conversion/converter.hpp]) +])# BOOST_NUMERIC_CONVERSION + + +# BOOST_OPTIONAL() +# ---------------- +# Look for Boost.Optional +BOOST_DEFUN([Optional], +[BOOST_FIND_HEADER([boost/optional.hpp])]) + +# BOOST_PTR_CONTAINER() +# ---------------- +# Look for Boost.PointerContainer +BOOST_DEFUN([Ptr_Container], +[BOOST_FIND_HEADER([boost/ptr_container/ptr_vector.hpp])]) + +# BOOST_PREPROCESSOR() +# -------------------- +# Look for Boost.Preprocessor +BOOST_DEFUN([Preprocessor], +[BOOST_FIND_HEADER([boost/preprocessor/repeat.hpp])]) + + +# BOOST_UNORDERED() +# ----------------- +# Look for Boost.Unordered +BOOST_DEFUN([Unordered], +[BOOST_FIND_HEADER([boost/unordered_map.hpp])]) + + +# BOOST_UUID() +# ------------ +# Look for Boost.Uuid +BOOST_DEFUN([Uuid], +[BOOST_FIND_HEADER([boost/uuid/uuid.hpp])]) + + +# BOOST_PROGRAM_OPTIONS([PREFERRED-RT-OPT]) +# ----------------------------------------- +# Look for Boost.Program_options. For the documentation of PREFERRED-RT-OPT, +# see the documentation of BOOST_FIND_LIB above. +BOOST_DEFUN([Program_Options], +[BOOST_FIND_LIB([program_options], [$1], + [boost/program_options.hpp], + [boost::program_options::options_description d("test");]) +])# BOOST_PROGRAM_OPTIONS + + + +# _BOOST_PYTHON_CONFIG(VARIABLE, FLAG) +# ------------------------------------ +# Save VARIABLE, and define it via `python-config --FLAG`. +# Substitute BOOST_PYTHON_VARIABLE. +m4_define([_BOOST_PYTHON_CONFIG], +[AC_SUBST([BOOST_PYTHON_$1], + [`python-config --$2 2>/dev/null`])dnl +boost_python_save_$1=$$1 +$1="$$1 $BOOST_PYTHON_$1"]) + + +# BOOST_PYTHON([PREFERRED-RT-OPT]) +# -------------------------------- +# Look for Boost.Python. For the documentation of PREFERRED-RT-OPT, +# see the documentation of BOOST_FIND_LIB above. +BOOST_DEFUN([Python], +[_BOOST_PYTHON_CONFIG([CPPFLAGS], [includes]) +_BOOST_PYTHON_CONFIG([LDFLAGS], [ldflags]) +_BOOST_PYTHON_CONFIG([LIBS], [libs]) +m4_pattern_allow([^BOOST_PYTHON_MODULE$])dnl +BOOST_FIND_LIB([python], [$1], + [boost/python.hpp], + [], [BOOST_PYTHON_MODULE(empty) {}]) +CPPFLAGS=$boost_python_save_CPPFLAGS +LDFLAGS=$boost_python_save_LDFLAGS +LIBS=$boost_python_save_LIBS +])# BOOST_PYTHON + + +# BOOST_REF() +# ----------- +# Look for Boost.Ref +BOOST_DEFUN([Ref], +[BOOST_FIND_HEADER([boost/ref.hpp])]) + + +# BOOST_REGEX([PREFERRED-RT-OPT]) +# ------------------------------- +# Look for Boost.Regex. For the documentation of PREFERRED-RT-OPT, see the +# documentation of BOOST_FIND_LIB above. +BOOST_DEFUN([Regex], +[BOOST_FIND_LIB([regex], [$1], + [boost/regex.hpp], + [boost::regex exp("*"); boost::regex_match("foo", exp);]) +])# BOOST_REGEX + + +# BOOST_SERIALIZATION([PREFERRED-RT-OPT]) +# --------------------------------------- +# Look for Boost.Serialization. For the documentation of PREFERRED-RT-OPT, see +# the documentation of BOOST_FIND_LIB above. +BOOST_DEFUN([Serialization], +[BOOST_FIND_LIB([serialization], [$1], + [boost/archive/text_oarchive.hpp], + [std::ostream* o = 0; // Cheap way to get an ostream... + boost::archive::text_oarchive t(*o);]) +])# BOOST_SERIALIZATION + + +# BOOST_SIGNALS([PREFERRED-RT-OPT]) +# --------------------------------- +# Look for Boost.Signals. For the documentation of PREFERRED-RT-OPT, see the +# documentation of BOOST_FIND_LIB above. +BOOST_DEFUN([Signals], +[BOOST_FIND_LIB([signals], [$1], + [boost/signal.hpp], + [boost::signal s;]) +])# BOOST_SIGNALS + + +# BOOST_SMART_PTR() +# ----------------- +# Look for Boost.SmartPtr +BOOST_DEFUN([Smart_Ptr], +[BOOST_FIND_HEADER([boost/scoped_ptr.hpp]) +BOOST_FIND_HEADER([boost/shared_ptr.hpp]) +]) + + +# BOOST_STATICASSERT() +# -------------------- +# Look for Boost.StaticAssert +BOOST_DEFUN([StaticAssert], +[BOOST_FIND_HEADER([boost/static_assert.hpp])]) + + +# BOOST_STRING_ALGO() +# ------------------- +# Look for Boost.StringAlgo +BOOST_DEFUN([String_Algo], +[BOOST_FIND_HEADER([boost/algorithm/string.hpp]) +]) + + +# BOOST_SYSTEM([PREFERRED-RT-OPT]) +# -------------------------------- +# Look for Boost.System. For the documentation of PREFERRED-RT-OPT, see the +# documentation of BOOST_FIND_LIB above. This library was introduced in Boost +# 1.35.0. +BOOST_DEFUN([System], +[BOOST_FIND_LIB([system], [$1], + [boost/system/error_code.hpp], + [boost::system::error_code e; e.clear();]) +])# BOOST_SYSTEM + + +# BOOST_TEST([PREFERRED-RT-OPT]) +# ------------------------------ +# Look for Boost.Test. For the documentation of PREFERRED-RT-OPT, see the +# documentation of BOOST_FIND_LIB above. +BOOST_DEFUN([Test], +[m4_pattern_allow([^BOOST_CHECK$])dnl +BOOST_FIND_LIB([unit_test_framework], [$1], + [boost/test/unit_test.hpp], [BOOST_CHECK(2 == 2);], + [using boost::unit_test::test_suite; + test_suite* init_unit_test_suite(int argc, char ** argv) + { return NULL; }]) +])# BOOST_TEST + + +# BOOST_THREADS([PREFERRED-RT-OPT]) +# --------------------------------- +# Look for Boost.Thread. For the documentation of PREFERRED-RT-OPT, see the +# documentation of BOOST_FIND_LIB above. +# FIXME: Provide an alias "BOOST_THREAD". +BOOST_DEFUN([Threads], +[dnl Having the pthread flag is required at least on GCC3 where +dnl boost/thread.hpp would complain if we try to compile without +dnl -pthread on GNU/Linux. +AC_REQUIRE([_BOOST_PTHREAD_FLAG])dnl +boost_threads_save_LIBS=$LIBS +boost_threads_save_CPPFLAGS=$CPPFLAGS +LIBS="$LIBS $boost_cv_pthread_flag" +# Yes, we *need* to put the -pthread thing in CPPFLAGS because with GCC3, +# boost/thread.hpp will trigger a #error if -pthread isn't used: +# boost/config/requires_threads.hpp:47:5: #error "Compiler threading support +# is not turned on. Please set the correct command line options for +# threading: -pthread (Linux), -pthreads (Solaris) or -mthreads (Mingw32)" +CPPFLAGS="$CPPFLAGS $boost_cv_pthread_flag" +BOOST_FIND_LIB([thread], [$1], + [boost/thread.hpp], [boost::thread t; boost::mutex m;]) +BOOST_THREAD_LIBS="$BOOST_THREAD_LIBS $boost_cv_pthread_flag" +BOOST_CPPFLAGS="$BOOST_CPPFLAGS $boost_cv_pthread_flag" +LIBS=$boost_threads_save_LIBS +CPPFLAGS=$boost_threads_save_CPPFLAGS +])# BOOST_THREADS + + +# BOOST_TOKENIZER() +# ----------------- +# Look for Boost.Tokenizer +BOOST_DEFUN([Tokenizer], +[BOOST_FIND_HEADER([boost/tokenizer.hpp])]) + + +# BOOST_TRIBOOL() +# --------------- +# Look for Boost.Tribool +BOOST_DEFUN([Tribool], +[BOOST_FIND_HEADER([boost/logic/tribool_fwd.hpp]) +BOOST_FIND_HEADER([boost/logic/tribool.hpp]) +]) + + +# BOOST_TUPLE() +# ------------- +# Look for Boost.Tuple +BOOST_DEFUN([Tuple], +[BOOST_FIND_HEADER([boost/tuple/tuple.hpp])]) + + +# BOOST_TYPETRAITS() +# -------------------- +# Look for Boost.TypeTraits +BOOST_DEFUN([TypeTraits], +[BOOST_FIND_HEADER([boost/type_traits.hpp])]) + + +# BOOST_UTILITY() +# --------------- +# Look for Boost.Utility (noncopyable, result_of, base-from-member idiom, +# etc.) +BOOST_DEFUN([Utility], +[BOOST_FIND_HEADER([boost/utility.hpp])]) + + +# BOOST_VARIANT() +# --------------- +# Look for Boost.Variant. +BOOST_DEFUN([Variant], +[BOOST_FIND_HEADER([boost/variant/variant_fwd.hpp]) +BOOST_FIND_HEADER([boost/variant.hpp])]) + + +# BOOST_WAVE([PREFERRED-RT-OPT]) +# ------------------------------ +# NOTE: If you intend to use Wave/Spirit with thread support, make sure you +# call BOOST_THREADS first. +# Look for Boost.Wave. For the documentation of PREFERRED-RT-OPT, see the +# documentation of BOOST_FIND_LIB above. +BOOST_DEFUN([Wave], +[AC_REQUIRE([BOOST_FILESYSTEM])dnl +AC_REQUIRE([BOOST_DATE_TIME])dnl +boost_wave_save_LIBS=$LIBS +boost_wave_save_LDFLAGS=$LDFLAGS +m4_pattern_allow([^BOOST_((FILE)?SYSTEM|DATE_TIME|THREAD)_(LIBS|LDFLAGS)$])dnl +LIBS="$LIBS $BOOST_SYSTEM_LIBS $BOOST_FILESYSTEM_LIBS $BOOST_DATE_TIME_LIBS\ +$BOOST_THREAD_LIBS" +LDFLAGS="$LDFLAGS $BOOST_SYSTEM_LDFLAGS $BOOST_FILESYSTEM_LDFLAGS\ +$BOOST_DATE_TIME_LDFLAGS $BOOST_THREAD_LDFLAGS" +BOOST_FIND_LIB([wave], [$1], + [boost/wave.hpp], + [boost::wave::token_id id; get_token_name(id);]) +LIBS=$boost_wave_save_LIBS +LDFLAGS=$boost_wave_save_LDFLAGS +])# BOOST_WAVE + + +# BOOST_XPRESSIVE() +# ----------------- +# Look for Boost.Xpressive (new since 1.36.0). +BOOST_DEFUN([Xpressive], +[BOOST_FIND_HEADER([boost/xpressive/xpressive.hpp])]) + + +# ----------------- # +# Internal helpers. # +# ----------------- # + + +# _BOOST_PTHREAD_FLAG() +# --------------------- +# Internal helper for BOOST_THREADS. Based on ACX_PTHREAD: +# http://autoconf-archive.cryp.to/acx_pthread.html +AC_DEFUN([_BOOST_PTHREAD_FLAG], +[AC_REQUIRE([AC_PROG_CXX])dnl +AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_LANG_PUSH([C++])dnl +AC_CACHE_CHECK([for the flags needed to use pthreads], [boost_cv_pthread_flag], +[ boost_cv_pthread_flag= + # The ordering *is* (sometimes) important. Some notes on the + # individual items follow: + # (none): in case threads are in libc; should be tried before -Kthread and + # other compiler flags to prevent continual compiler warnings + # -lpthreads: AIX (must check this before -lpthread) + # -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) + # -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) + # -llthread: LinuxThreads port on FreeBSD (also preferred to -pthread) + # -pthread: GNU Linux/GCC (kernel threads), BSD/GCC (userland threads) + # -pthreads: Solaris/GCC + # -mthreads: MinGW32/GCC, Lynx/GCC + # -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it + # doesn't hurt to check since this sometimes defines pthreads too; + # also defines -D_REENTRANT) + # ... -mt is also the pthreads flag for HP/aCC + # -lpthread: GNU Linux, etc. + # --thread-safe: KAI C++ + case $host_os in #( + *solaris*) + # On Solaris (at least, for some versions), libc contains stubbed + # (non-functional) versions of the pthreads routines, so link-based + # tests will erroneously succeed. (We need to link with -pthreads/-mt/ + # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather + # a function called by this macro, so we could check for that, but + # who knows whether they'll stub that too in a future libc.) So, + # we'll just look for -pthreads and -lpthread first: + boost_pthread_flags="-pthreads -lpthread -mt -pthread";; #( + *) + boost_pthread_flags="-lpthreads -Kthread -kthread -llthread -pthread \ + -pthreads -mthreads -lpthread --thread-safe -mt";; + esac + # Generate the test file. + AC_LANG_CONFTEST([AC_LANG_PROGRAM([#include ], + [pthread_t th; pthread_join(th, 0); + pthread_attr_init(0); pthread_cleanup_push(0, 0); + pthread_create(0,0,0,0); pthread_cleanup_pop(0);])]) + for boost_pthread_flag in '' $boost_pthread_flags; do + boost_pthread_ok=false +dnl Re-use the test file already generated. + boost_pthreads__save_LIBS=$LIBS + LIBS="$LIBS $boost_pthread_flag" + AC_LINK_IFELSE([], + [if grep ".*$boost_pthread_flag" conftest.err; then + echo "This flag seems to have triggered warnings" >&AS_MESSAGE_LOG_FD + else + boost_pthread_ok=:; boost_cv_pthread_flag=$boost_pthread_flag + fi]) + LIBS=$boost_pthreads__save_LIBS + $boost_pthread_ok && break + done +]) +AC_LANG_POP([C++])dnl +])# _BOOST_PTHREAD_FLAG + + +# _BOOST_gcc_test(MAJOR, MINOR) +# ----------------------------- +# Internal helper for _BOOST_FIND_COMPILER_TAG. +m4_define([_BOOST_gcc_test], +["defined __GNUC__ && __GNUC__ == $1 && __GNUC_MINOR__ == $2 && !defined __ICC @ gcc$1$2"])dnl + + +# _BOOST_FIND_COMPILER_TAG() +# -------------------------- +# Internal. When Boost is installed without --layout=system, each library +# filename will hold a suffix that encodes the compiler used during the +# build. The Boost build system seems to call this a `tag'. +AC_DEFUN([_BOOST_FIND_COMPILER_TAG], +[AC_REQUIRE([AC_PROG_CXX])dnl +AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_CACHE_CHECK([for the toolset name used by Boost for $CXX], [boost_cv_lib_tag], +[boost_cv_lib_tag=unknown +if test x$boost_cv_inc_path != xno; then + AC_LANG_PUSH([C++])dnl + # The following tests are mostly inspired by boost/config/auto_link.hpp + # The list is sorted to most recent/common to oldest compiler (in order + # to increase the likelihood of finding the right compiler with the + # least number of compilation attempt). + # Beware that some tests are sensible to the order (for instance, we must + # look for MinGW before looking for GCC3). + # I used one compilation test per compiler with a #error to recognize + # each compiler so that it works even when cross-compiling (let me know + # if you know a better approach). + # Known missing tags (known from Boost's tools/build/v2/tools/common.jam): + # como, edg, kcc, bck, mp, sw, tru, xlc + # I'm not sure about my test for `il' (be careful: Intel's ICC pre-defines + # the same defines as GCC's). + for i in \ + _BOOST_gcc_test(4, 6) \ + _BOOST_gcc_test(4, 5) \ + _BOOST_gcc_test(4, 4) \ + _BOOST_gcc_test(4, 3) \ + _BOOST_gcc_test(4, 2) \ + _BOOST_gcc_test(4, 1) \ + _BOOST_gcc_test(4, 0) \ + "defined __GNUC__ && __GNUC__ == 3 && !defined __ICC \ + && (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw" \ + _BOOST_gcc_test(3, 4) \ + _BOOST_gcc_test(3, 3) \ + "defined _MSC_VER && _MSC_VER >= 1500 @ vc90" \ + "defined _MSC_VER && _MSC_VER == 1400 @ vc80" \ + _BOOST_gcc_test(3, 2) \ + "defined _MSC_VER && _MSC_VER == 1310 @ vc71" \ + _BOOST_gcc_test(3, 1) \ + _BOOST_gcc_test(3, 0) \ + "defined __BORLANDC__ @ bcb" \ + "defined __ICC && (defined __unix || defined __unix__) @ il" \ + "defined __ICL @ iw" \ + "defined _MSC_VER && _MSC_VER == 1300 @ vc7" \ + _BOOST_gcc_test(2, 95) \ + "defined __MWERKS__ && __MWERKS__ <= 0x32FF @ cw9" \ + "defined _MSC_VER && _MSC_VER < 1300 && !defined UNDER_CE @ vc6" \ + "defined _MSC_VER && _MSC_VER < 1300 && defined UNDER_CE @ evc4" \ + "defined __MWERKS__ && __MWERKS__ <= 0x31FF @ cw8" + do + boost_tag_test=`expr "X$i" : 'X\([[^@]]*\) @ '` + boost_tag=`expr "X$i" : 'X[[^@]]* @ \(.*\)'` + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#if $boost_tag_test +/* OK */ +#else +# error $boost_tag_test +#endif +]])], [boost_cv_lib_tag=$boost_tag; break], []) + done +AC_LANG_POP([C++])dnl + case $boost_cv_lib_tag in #( + # Some newer (>= 1.35?) versions of Boost seem to only use "gcc" as opposed + # to "gcc41" for instance. + *-gcc | *'-gcc ') :;; #( Don't re-add -gcc: it's already in there. + gcc*) + boost_tag_x= + case $host_os in #( + darwin*) + if test $boost_major_version -ge 136; then + # The `x' added in r46793 of Boost. + boost_tag_x=x + fi;; + esac + # We can specify multiple tags in this variable because it's used by + # BOOST_FIND_LIB that does a `for tag in -$boost_cv_lib_tag' ... + boost_cv_lib_tag="$boost_tag_x$boost_cv_lib_tag -${boost_tag_x}gcc" + ;; #( + unknown) + AC_MSG_WARN([[could not figure out which toolset name to use for $CXX]]) + boost_cv_lib_tag= + ;; + esac +fi])dnl end of AC_CACHE_CHECK +])# _BOOST_FIND_COMPILER_TAG + + +# _BOOST_GUESS_WHETHER_TO_USE_MT() +# -------------------------------- +# Compile a small test to try to guess whether we should favor MT (Multi +# Thread) flavors of Boost. Sets boost_guess_use_mt accordingly. +AC_DEFUN([_BOOST_GUESS_WHETHER_TO_USE_MT], +[# Check whether we do better use `mt' even though we weren't ask to. +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#if defined _REENTRANT || defined _MT || defined __MT__ +/* use -mt */ +#else +# error MT not needed +#endif +]])], [boost_guess_use_mt=:], [boost_guess_use_mt=false]) +]) + +# _BOOST_AC_LINK_IFELSE(PROGRAM, [ACTION-IF-TRUE], [ACTION-IF-FALSE]) +# ------------------------------------------------------------------- +# Fork of _AC_LINK_IFELSE that preserves conftest.o across calls. Fragile, +# will break when Autoconf changes its internals. Requires that you manually +# rm -f conftest.$ac_objext in between to really different tests, otherwise +# you will try to link a conftest.o left behind by a previous test. +# Used to aggressively optimize BOOST_FIND_LIB (see the big comment in this +# macro). +# +# Don't use "break" in the actions, as it would short-circuit some code +# this macro runs after the actions. +m4_define([_BOOST_AC_LINK_IFELSE], +[m4_ifvaln([$1], [AC_LANG_CONFTEST([$1])])dnl +rm -f conftest$ac_exeext +boost_save_ac_ext=$ac_ext +boost_use_source=: +# If we already have a .o, re-use it. We change $ac_ext so that $ac_link +# tries to link the existing object file instead of compiling from source. +test -f conftest.$ac_objext && ac_ext=$ac_objext && boost_use_source=false && + _AS_ECHO_LOG([re-using the existing conftest.$ac_objext]) +AS_IF([_AC_DO_STDERR($ac_link) && { + test -z "$ac_[]_AC_LANG_ABBREV[]_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + $as_executable_p conftest$ac_exeext +dnl FIXME: use AS_TEST_X instead when 2.61 is widespread enough. + }], + [$2], + [if $boost_use_source; then + _AC_MSG_LOG_CONFTEST + fi + $3]) +ac_objext=$boost_save_ac_objext +ac_ext=$boost_save_ac_ext +dnl Delete also the IPA/IPO (Inter Procedural Analysis/Optimization) +dnl information created by the PGI compiler (conftest_ipa8_conftest.oo), +dnl as it would interfere with the next link command. +rm -f core conftest.err conftest_ipa8_conftest.oo \ + conftest$ac_exeext m4_ifval([$1], [conftest.$ac_ext])[]dnl +])# _BOOST_AC_LINK_IFELSE + +# Local Variables: +# mode: autoconf +# End: diff -Nru shibboleth-sp2-2.4.3+dfsg/m4/doxygen.m4 shibboleth-sp2-2.5.2+dfsg/m4/doxygen.m4 --- shibboleth-sp2-2.4.3+dfsg/m4/doxygen.m4 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/m4/doxygen.m4 2012-07-23 20:08:22.000000000 +0000 @@ -1,39 +1,260 @@ -# This file is part of Autoconf. -*- Autoconf -*- - -# Copyright (C) 2004 Oren Ben-Kiki -# This file is distributed under the same terms as the Autoconf macro files. +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_prog_doxygen.html +# =========================================================================== +# +# SYNOPSIS +# +# DX_INIT_DOXYGEN(PROJECT-NAME, DOXYFILE-PATH, [OUTPUT-DIR]) +# DX_DOXYGEN_FEATURE(ON|OFF) +# DX_DOT_FEATURE(ON|OFF) +# DX_HTML_FEATURE(ON|OFF) +# DX_CHM_FEATURE(ON|OFF) +# DX_CHI_FEATURE(ON|OFF) +# DX_MAN_FEATURE(ON|OFF) +# DX_RTF_FEATURE(ON|OFF) +# DX_XML_FEATURE(ON|OFF) +# DX_PDF_FEATURE(ON|OFF) +# DX_PS_FEATURE(ON|OFF) +# +# DESCRIPTION +# +# The DX_*_FEATURE macros control the default setting for the given +# Doxygen feature. Supported features are 'DOXYGEN' itself, 'DOT' for +# generating graphics, 'HTML' for plain HTML, 'CHM' for compressed HTML +# help (for MS users), 'CHI' for generating a seperate .chi file by the +# .chm file, and 'MAN', 'RTF', 'XML', 'PDF' and 'PS' for the appropriate +# output formats. The environment variable DOXYGEN_PAPER_SIZE may be +# specified to override the default 'a4wide' paper size. +# +# By default, HTML, PDF and PS documentation is generated as this seems to +# be the most popular and portable combination. MAN pages created by +# Doxygen are usually problematic, though by picking an appropriate subset +# and doing some massaging they might be better than nothing. CHM and RTF +# are specific for MS (note that you can't generate both HTML and CHM at +# the same time). The XML is rather useless unless you apply specialized +# post-processing to it. +# +# The macros mainly control the default state of the feature. The use can +# override the default by specifying --enable or --disable. The macros +# ensure that contradictory flags are not given (e.g., +# --enable-doxygen-html and --enable-doxygen-chm, +# --enable-doxygen-anything with --disable-doxygen, etc.) Finally, each +# feature will be automatically disabled (with a warning) if the required +# programs are missing. +# +# Once all the feature defaults have been specified, call DX_INIT_DOXYGEN +# with the following parameters: a one-word name for the project for use +# as a filename base etc., an optional configuration file name (the +# default is 'Doxyfile', the same as Doxygen's default), and an optional +# output directory name (the default is 'doxygen-doc'). +# +# Automake Support +# +# The following is a template aminclude.am file for use with Automake. +# Make targets and variables values are controlled by the various +# DX_COND_* conditionals set by autoconf. +# +# The provided targets are: +# +# doxygen-doc: Generate all doxygen documentation. +# +# doxygen-run: Run doxygen, which will generate some of the +# documentation (HTML, CHM, CHI, MAN, RTF, XML) +# but will not do the post processing required +# for the rest of it (PS, PDF, and some MAN). +# +# doxygen-man: Rename some doxygen generated man pages. +# +# doxygen-ps: Generate doxygen PostScript documentation. +# +# doxygen-pdf: Generate doxygen PDF documentation. +# +# Note that by default these are not integrated into the automake targets. +# If doxygen is used to generate man pages, you can achieve this +# integration by setting man3_MANS to the list of man pages generated and +# then adding the dependency: +# +# $(man3_MANS): doxygen-doc +# +# This will cause make to run doxygen and generate all the documentation. +# +# The following variable is intended for use in Makefile.am: +# +# DX_CLEANFILES = everything to clean. +# +# Then add this variable to MOSTLYCLEANFILES. +# +# ----- begin aminclude.am ------------------------------------- +# +# ## --------------------------------- ## +# ## Format-independent Doxygen rules. ## +# ## --------------------------------- ## +# +# if DX_COND_doc +# +# ## ------------------------------- ## +# ## Rules specific for HTML output. ## +# ## ------------------------------- ## +# +# if DX_COND_html +# +# DX_CLEAN_HTML = @DX_DOCDIR@/html +# +# endif DX_COND_html +# +# ## ------------------------------ ## +# ## Rules specific for CHM output. ## +# ## ------------------------------ ## +# +# if DX_COND_chm +# +# DX_CLEAN_CHM = @DX_DOCDIR@/chm +# +# if DX_COND_chi +# +# DX_CLEAN_CHI = @DX_DOCDIR@/@PACKAGE@.chi +# +# endif DX_COND_chi +# +# endif DX_COND_chm +# +# ## ------------------------------ ## +# ## Rules specific for MAN output. ## +# ## ------------------------------ ## +# +# if DX_COND_man +# +# DX_CLEAN_MAN = @DX_DOCDIR@/man +# +# endif DX_COND_man +# +# ## ------------------------------ ## +# ## Rules specific for RTF output. ## +# ## ------------------------------ ## +# +# if DX_COND_rtf +# +# DX_CLEAN_RTF = @DX_DOCDIR@/rtf +# +# endif DX_COND_rtf +# +# ## ------------------------------ ## +# ## Rules specific for XML output. ## +# ## ------------------------------ ## +# +# if DX_COND_xml +# +# DX_CLEAN_XML = @DX_DOCDIR@/xml +# +# endif DX_COND_xml +# +# ## ----------------------------- ## +# ## Rules specific for PS output. ## +# ## ----------------------------- ## +# +# if DX_COND_ps +# +# DX_CLEAN_PS = @DX_DOCDIR@/@PACKAGE@.ps +# +# DX_PS_GOAL = doxygen-ps +# +# doxygen-ps: @DX_DOCDIR@/@PACKAGE@.ps +# +# @DX_DOCDIR@/@PACKAGE@.ps: @DX_DOCDIR@/@PACKAGE@.tag +# cd @DX_DOCDIR@/latex; \ +# rm -f *.aux *.toc *.idx *.ind *.ilg *.log *.out; \ +# $(DX_LATEX) refman.tex; \ +# $(MAKEINDEX_PATH) refman.idx; \ +# $(DX_LATEX) refman.tex; \ +# countdown=5; \ +# while $(DX_EGREP) 'Rerun (LaTeX|to get cross-references right)' \ +# refman.log > /dev/null 2>&1 \ +# && test $$countdown -gt 0; do \ +# $(DX_LATEX) refman.tex; \ +# countdown=`expr $$countdown - 1`; \ +# done; \ +# $(DX_DVIPS) -o ../@PACKAGE@.ps refman.dvi +# +# endif DX_COND_ps +# +# ## ------------------------------ ## +# ## Rules specific for PDF output. ## +# ## ------------------------------ ## +# +# if DX_COND_pdf +# +# DX_CLEAN_PDF = @DX_DOCDIR@/@PACKAGE@.pdf +# +# DX_PDF_GOAL = doxygen-pdf +# +# doxygen-pdf: @DX_DOCDIR@/@PACKAGE@.pdf +# +# @DX_DOCDIR@/@PACKAGE@.pdf: @DX_DOCDIR@/@PACKAGE@.tag +# cd @DX_DOCDIR@/latex; \ +# rm -f *.aux *.toc *.idx *.ind *.ilg *.log *.out; \ +# $(DX_PDFLATEX) refman.tex; \ +# $(DX_MAKEINDEX) refman.idx; \ +# $(DX_PDFLATEX) refman.tex; \ +# countdown=5; \ +# while $(DX_EGREP) 'Rerun (LaTeX|to get cross-references right)' \ +# refman.log > /dev/null 2>&1 \ +# && test $$countdown -gt 0; do \ +# $(DX_PDFLATEX) refman.tex; \ +# countdown=`expr $$countdown - 1`; \ +# done; \ +# mv refman.pdf ../@PACKAGE@.pdf +# +# endif DX_COND_pdf +# +# ## ------------------------------------------------- ## +# ## Rules specific for LaTeX (shared for PS and PDF). ## +# ## ------------------------------------------------- ## +# +# if DX_COND_latex +# +# DX_CLEAN_LATEX = @DX_DOCDIR@/latex +# +# endif DX_COND_latex +# +# .PHONY: doxygen-run doxygen-doc $(DX_PS_GOAL) $(DX_PDF_GOAL) +# +# .INTERMEDIATE: doxygen-run $(DX_PS_GOAL) $(DX_PDF_GOAL) +# +# doxygen-run: @DX_DOCDIR@/@PACKAGE@.tag +# +# doxygen-doc: doxygen-run $(DX_PS_GOAL) $(DX_PDF_GOAL) +# +# @DX_DOCDIR@/@PACKAGE@.tag: $(DX_CONFIG) $(pkginclude_HEADERS) +# rm -rf @DX_DOCDIR@ +# $(DX_ENV) $(DX_DOXYGEN) $(srcdir)/$(DX_CONFIG) +# +# DX_CLEANFILES = \ +# @DX_DOCDIR@/@PACKAGE@.tag \ +# -r \ +# $(DX_CLEAN_HTML) \ +# $(DX_CLEAN_CHM) \ +# $(DX_CLEAN_CHI) \ +# $(DX_CLEAN_MAN) \ +# $(DX_CLEAN_RTF) \ +# $(DX_CLEAN_XML) \ +# $(DX_CLEAN_PS) \ +# $(DX_CLEAN_PDF) \ +# $(DX_CLEAN_LATEX) +# +# endif DX_COND_doc +# +# ----- end aminclude.am --------------------------------------- +# +# LICENSE +# +# Copyright (c) 2009 Oren Ben-Kiki +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. -# Generate automatic documentation using Doxygen. Works in concert with the -# aminclude.m4 file and a compatible doxygen configuration file. Defines the -# following public macros: -# -# DX_???_FEATURE(ON|OFF) - control the default setting fo a Doxygen feature. -# Supported features are 'DOXYGEN' itself, 'DOT' for generating graphics, -# 'HTML' for plain HTML, 'CHM' for compressed HTML help (for MS users), 'CHI' -# for generating a seperate .chi file by the .chm file, and 'MAN', 'RTF', -# 'XML', 'PDF' and 'PS' for the appropriate output formats. The environment -# variable DOXYGEN_PAPER_SIZE may be specified to override the default 'a4wide' -# paper size. -# -# By default, HTML, PDF and PS documentation is generated as this seems to be -# the most popular and portable combination. MAN pages created by Doxygen are -# usually problematic, though by picking an appropriate subset and doing some -# massaging they might be better than nothing. CHM and RTF are specific for MS -# (note that you can't generate both HTML and CHM at the same time). The XML is -# rather useless unless you apply specialized post-processing to it. -# -# The macro mainly controls the default state of the feature. The use can -# override the default by specifying --enable or --disable. The macros ensure -# that contradictory flags are not given (e.g., --enable-doxygen-html and -# --enable-doxygen-chm, --enable-doxygen-anything with --disable-doxygen, etc.) -# Finally, each feature will be automatically disabled (with a warning) if the -# required programs are missing. -# -# Once all the feature defaults have been specified, call DX_INIT_DOXYGEN with -# the following parameters: a one-word name for the project for use as a -# filename base etc., an optional configuration file name (the default is -# 'Doxyfile', the same as Doxygen's default), and an optional output directory -# name (the default is 'doxygen-doc'). +#serial 11 ## ----------## ## Defaults. ## @@ -41,7 +262,7 @@ DX_ENV="" AC_DEFUN([DX_FEATURE_doc], ON) -AC_DEFUN([DX_FEATURE_dot], ON) +AC_DEFUN([DX_FEATURE_dot], OFF) AC_DEFUN([DX_FEATURE_man], OFF) AC_DEFUN([DX_FEATURE_html], ON) AC_DEFUN([DX_FEATURE_chm], OFF) @@ -81,7 +302,7 @@ AC_PATH_TOOL([$1], [$2]) if test "$DX_FLAG_[]DX_CURRENT_FEATURE$$1" = 1; then AC_MSG_WARN([$2 not found - will not DX_CURRENT_DESCRIPTION]) - AC_SUBST([DX_FLAG_]DX_CURRENT_FEATURE, 0) + AC_SUBST(DX_FLAG_[]DX_CURRENT_FEATURE, 0) fi ]) @@ -104,7 +325,7 @@ # ---------------------------------------------------------- # Turn off the DX_CURRENT_FEATURE if the required feature is off. AC_DEFUN([DX_CLEAR_DEPEND], [ -test "$DX_FLAG_$1" = "$2" || AC_SUBST([DX_FLAG_]DX_CURRENT_FEATURE, 0) +test "$DX_FLAG_$1" = "$2" || AC_SUBST(DX_FLAG_[]DX_CURRENT_FEATURE, 0) ]) # DX_FEATURE_ARG(FEATURE, DESCRIPTION, @@ -164,6 +385,7 @@ # DX_XXX_FEATURE(DEFAULT_STATE) # ----------------------------- AC_DEFUN([DX_DOXYGEN_FEATURE], [AC_DEFUN([DX_FEATURE_doc], [$1])]) +AC_DEFUN([DX_DOT_FEATURE], [AC_DEFUN([DX_FEATURE_dot], [$1])]) AC_DEFUN([DX_MAN_FEATURE], [AC_DEFUN([DX_FEATURE_man], [$1])]) AC_DEFUN([DX_HTML_FEATURE], [AC_DEFUN([DX_FEATURE_html], [$1])]) AC_DEFUN([DX_CHM_FEATURE], [AC_DEFUN([DX_FEATURE_chm], [$1])]) @@ -312,4 +534,4 @@ #echo DX_FLAG_pdf=$DX_FLAG_pdf #echo DX_FLAG_ps=$DX_FLAG_ps #echo DX_ENV=$DX_ENV -]) +]) \ No newline at end of file diff -Nru shibboleth-sp2-2.4.3+dfsg/m4/libtool.m4 shibboleth-sp2-2.5.2+dfsg/m4/libtool.m4 --- shibboleth-sp2-2.4.3+dfsg/m4/libtool.m4 2011-06-28 01:29:18.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/m4/libtool.m4 2013-06-16 22:06:14.000000000 +0000 @@ -1,8 +1,8 @@ # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, -# Inc. +# 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives @@ -11,8 +11,8 @@ m4_define([_LT_COPYING], [dnl # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, -# Inc. +# 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. @@ -146,6 +146,8 @@ AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl +_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl +dnl _LT_DECL([], [host_alias], [0], [The host system])dnl _LT_DECL([], [host], [0])dnl _LT_DECL([], [host_os], [0])dnl @@ -637,7 +639,7 @@ m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) configured by $[0], generated by m4_PACKAGE_STRING. -Copyright (C) 2010 Free Software Foundation, Inc. +Copyright (C) 2011 Free Software Foundation, Inc. This config.lt script is free software; the Free Software Foundation gives unlimited permision to copy, distribute and modify it." @@ -801,6 +803,7 @@ m4_case([$1], [C], [_LT_LANG(C)], [C++], [_LT_LANG(CXX)], + [Go], [_LT_LANG(GO)], [Java], [_LT_LANG(GCJ)], [Fortran 77], [_LT_LANG(F77)], [Fortran], [_LT_LANG(FC)], @@ -822,6 +825,31 @@ ])# _LT_LANG +m4_ifndef([AC_PROG_GO], [ +############################################################ +# NOTE: This macro has been submitted for inclusion into # +# GNU Autoconf as AC_PROG_GO. When it is available in # +# a released version of Autoconf we should remove this # +# macro and use it instead. # +############################################################ +m4_defun([AC_PROG_GO], +[AC_LANG_PUSH(Go)dnl +AC_ARG_VAR([GOC], [Go compiler command])dnl +AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl +_AC_ARG_VAR_LDFLAGS()dnl +AC_CHECK_TOOL(GOC, gccgo) +if test -z "$GOC"; then + if test -n "$ac_tool_prefix"; then + AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo]) + fi +fi +if test -z "$GOC"; then + AC_CHECK_PROG(GOC, gccgo, gccgo, false) +fi +])#m4_defun +])#m4_ifndef + + # _LT_LANG_DEFAULT_CONFIG # ----------------------- m4_defun([_LT_LANG_DEFAULT_CONFIG], @@ -852,6 +880,10 @@ m4_ifdef([LT_PROG_GCJ], [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) +AC_PROVIDE_IFELSE([AC_PROG_GO], + [LT_LANG(GO)], + [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])]) + AC_PROVIDE_IFELSE([LT_PROG_RC], [LT_LANG(RC)], [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) @@ -954,7 +986,13 @@ $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err _lt_result=$? - if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then + # If there is a non-empty error log, and "single_module" + # appears in it, assume the flag caused a linker warning + if test -s conftest.err && $GREP single_module conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + # Otherwise, if the output was created with a 0 exit code from + # the compiler, it worked. + elif test -f libconftest.dylib && test $_lt_result -eq 0; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&AS_MESSAGE_LOG_FD @@ -962,6 +1000,7 @@ rm -rf libconftest.dylib* rm -f conftest.* fi]) + AC_CACHE_CHECK([for -exported_symbols_list linker flag], [lt_cv_ld_exported_symbols_list], [lt_cv_ld_exported_symbols_list=no @@ -973,6 +1012,7 @@ [lt_cv_ld_exported_symbols_list=no]) LDFLAGS="$save_LDFLAGS" ]) + AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], [lt_cv_ld_force_load=no cat > conftest.c << _LT_EOF @@ -990,7 +1030,9 @@ echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err _lt_result=$? - if test -f conftest && test ! -s conftest.err && test $_lt_result = 0 && $GREP forced_load conftest 2>&1 >/dev/null; then + if test -s conftest.err && $GREP force_load conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then lt_cv_ld_force_load=yes else cat conftest.err >&AS_MESSAGE_LOG_FD @@ -1035,8 +1077,8 @@ ]) -# _LT_DARWIN_LINKER_FEATURES -# -------------------------- +# _LT_DARWIN_LINKER_FEATURES([TAG]) +# --------------------------------- # Checks for linker and compiler features on darwin m4_defun([_LT_DARWIN_LINKER_FEATURES], [ @@ -1047,6 +1089,8 @@ _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported if test "$lt_cv_ld_force_load" = "yes"; then _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes], + [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes]) else _LT_TAGVAR(whole_archive_flag_spec, $1)='' fi @@ -1330,14 +1374,27 @@ CFLAGS="$SAVE_CFLAGS" fi ;; -sparc*-*solaris*) +*-*solaris*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in - yes*) LD="${LD-ld} -m elf64_sparc" ;; + yes*) + case $host in + i?86-*-solaris*) + LD="${LD-ld} -m elf_x86_64" + ;; + sparc*-*-solaris*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + # GNU ld 2.21 introduced _sol2 emulations. Use them if available. + if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then + LD="${LD-ld}_sol2" + fi + ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" @@ -1414,13 +1471,13 @@ if test -n "$RANLIB"; then case $host_os in openbsd*) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" ;; esac - old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" + old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" fi case $host_os in @@ -1600,6 +1657,11 @@ lt_cv_sys_max_cmd_len=196608 ;; + os2*) + # The test takes a long time on OS/2. + lt_cv_sys_max_cmd_len=8192 + ;; + osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not @@ -1639,7 +1701,7 @@ # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. - while { test "X"`func_fallback_echo "$teststring$teststring" 2>/dev/null` \ + while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && test $i != 17 # 1/2 MB should be enough do @@ -2185,7 +2247,7 @@ case $host_os in aix3*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH @@ -2194,7 +2256,7 @@ ;; aix[[4-9]]*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no hardcode_into_libs=yes @@ -2259,7 +2321,7 @@ ;; bsdi[[45]]*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' @@ -2398,7 +2460,7 @@ ;; dgux*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' @@ -2406,10 +2468,6 @@ shlibpath_var=LD_LIBRARY_PATH ;; -freebsd1*) - dynamic_linker=no - ;; - freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. @@ -2417,7 +2475,7 @@ objformat=`/usr/bin/objformat` else case $host_os in - freebsd[[123]]*) objformat=aout ;; + freebsd[[23]].*) objformat=aout ;; *) objformat=elf ;; esac fi @@ -2435,7 +2493,7 @@ esac shlibpath_var=LD_LIBRARY_PATH case $host_os in - freebsd2*) + freebsd2.*) shlibpath_overrides_runpath=yes ;; freebsd3.[[01]]* | freebsdelf3.[[01]]*) @@ -2455,17 +2513,18 @@ ;; gnu*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; haiku*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" @@ -2526,7 +2585,7 @@ ;; interix[[3-9]]*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' @@ -2542,7 +2601,7 @@ nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix fi ;; @@ -2579,9 +2638,9 @@ dynamic_linker=no ;; -# This must be Linux ELF. +# This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -2644,7 +2703,7 @@ ;; newsos6) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes @@ -2713,7 +2772,7 @@ ;; solaris*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -2738,7 +2797,7 @@ ;; sysv4 | sysv4.3*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH @@ -2762,7 +2821,7 @@ sysv4*MP*) if test -d /usr/nec ;then - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH @@ -2793,7 +2852,7 @@ tpf*) # TPF is a cross-target only. Preferred cross-host = GNU/Linux. - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -2803,7 +2862,7 @@ ;; uts4*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH @@ -3225,7 +3284,7 @@ lt_cv_deplibs_check_method=pass_all ;; -# This must be Linux ELF. +# This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) lt_cv_deplibs_check_method=pass_all ;; @@ -3645,6 +3704,7 @@ # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK ['"\ " {last_section=section; section=\$ 3};"\ +" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ @@ -4229,7 +4289,9 @@ case $cc_basename in nvcc*) # Cuda Compiler Driver 2.2 _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker ' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Xcompiler -fPIC' + if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)" + fi ;; esac else @@ -4321,18 +4383,33 @@ ;; *) case `$CC -V 2>&1 | sed 5q` in - *Sun\ F* | *Sun*Fortran*) + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*) # Sun Fortran 8.3 passes all unrecognized flags to the linker _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='' ;; + *Sun\ F* | *Sun*Fortran*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; *Sun\ C*) # Sun C 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' ;; + *Intel*\ [[CF]]*Compiler*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + *Portland\ Group*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; esac ;; esac @@ -4492,7 +4569,9 @@ ;; cygwin* | mingw* | cegcc*) case $cc_basename in - cl*) ;; + cl*) + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] @@ -4517,7 +4596,6 @@ _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported @@ -4768,8 +4846,7 @@ xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ @@ -5064,6 +5141,7 @@ # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' @@ -5110,10 +5188,6 @@ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; - freebsd1*) - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little @@ -5126,7 +5200,7 @@ ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. - freebsd2*) + freebsd2.*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes @@ -5165,7 +5239,6 @@ fi if test "$with_gnu_ld" = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes @@ -5607,9 +5680,6 @@ _LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], [Flag to hardcode $libdir into a binary during linking. This must work even if $libdir does not exist]) -_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1], - [[If ld is used when linking, flag to hardcode $libdir into a binary - during linking. This must work even if $libdir does not exist]]) _LT_TAGDECL([], [hardcode_libdir_separator], [1], [Whether we need a single "-rpath" flag with a separated argument]) _LT_TAGDECL([], [hardcode_direct], [0], @@ -5767,7 +5837,6 @@ _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported @@ -6137,7 +6206,7 @@ esac ;; - freebsd[[12]]*) + freebsd2.*) # C++ shared libraries reported to be fairly broken before # switch to ELF _LT_TAGVAR(ld_shlibs, $1)=no @@ -6898,12 +6967,18 @@ } }; _LT_EOF +], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF +package foo +func foo() { +} +_LT_EOF ]) _lt_libdeps_save_CFLAGS=$CFLAGS case "$CC $CFLAGS " in #( *\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;; *\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;; +*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;; esac dnl Parse the compiler output and extract the necessary @@ -7100,7 +7175,6 @@ _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no @@ -7233,7 +7307,6 @@ _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no @@ -7420,6 +7493,77 @@ ])# _LT_LANG_GCJ_CONFIG +# _LT_LANG_GO_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for the GNU Go compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_GO_CONFIG], +[AC_REQUIRE([LT_PROG_GO])dnl +AC_LANG_SAVE + +# Source file extension for Go test sources. +ac_ext=go + +# Object file extension for compiled Go test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="package main; func main() { }" + +# Code to be used in simple link tests +lt_simple_link_test_code='package main; func main() { }' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC=yes +CC=${GOC-"gccgo"} +CFLAGS=$GOFLAGS +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_TAGVAR(LD, $1)="$LD" +_LT_CC_BASENAME([$compiler]) + +# Go did not exist at the time GCC didn't implicitly link libc in. +_LT_TAGVAR(archive_cmds_need_lc, $1)=no + +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds + +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) +fi + +AC_LANG_RESTORE + +GCC=$lt_save_GCC +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_GO_CONFIG + + # _LT_LANG_RC_CONFIG([TAG]) # ------------------------- # Ensure that the configuration variables for the Windows resource compiler @@ -7489,6 +7633,13 @@ dnl AC_DEFUN([LT_AC_PROG_GCJ], []) +# LT_PROG_GO +# ---------- +AC_DEFUN([LT_PROG_GO], +[AC_CHECK_TOOL(GOC, gccgo,) +]) + + # LT_PROG_RC # ---------- AC_DEFUN([LT_PROG_RC], diff -Nru shibboleth-sp2-2.4.3+dfsg/m4/ltoptions.m4 shibboleth-sp2-2.5.2+dfsg/m4/ltoptions.m4 --- shibboleth-sp2-2.4.3+dfsg/m4/ltoptions.m4 2011-06-28 01:29:18.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/m4/ltoptions.m4 2013-06-16 22:06:14.000000000 +0000 @@ -326,9 +326,24 @@ # MODE is either `yes' or `no'. If omitted, it defaults to `both'. m4_define([_LT_WITH_PIC], [AC_ARG_WITH([pic], - [AS_HELP_STRING([--with-pic], + [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@], [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], - [pic_mode="$withval"], + [lt_p=${PACKAGE-default} + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for lt_pkg in $withval; do + IFS="$lt_save_ifs" + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], [pic_mode=default]) test -z "$pic_mode" && pic_mode=m4_default([$1], [default]) diff -Nru shibboleth-sp2-2.4.3+dfsg/m4/ltversion.m4 shibboleth-sp2-2.5.2+dfsg/m4/ltversion.m4 --- shibboleth-sp2-2.4.3+dfsg/m4/ltversion.m4 2011-06-28 01:29:18.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/m4/ltversion.m4 2013-06-16 22:06:14.000000000 +0000 @@ -9,15 +9,15 @@ # @configure_input@ -# serial 3293 ltversion.m4 +# serial 3337 ltversion.m4 # This file is part of GNU Libtool -m4_define([LT_PACKAGE_VERSION], [2.4]) -m4_define([LT_PACKAGE_REVISION], [1.3293]) +m4_define([LT_PACKAGE_VERSION], [2.4.2]) +m4_define([LT_PACKAGE_REVISION], [1.3337]) AC_DEFUN([LTVERSION_VERSION], -[macro_version='2.4' -macro_revision='1.3293' +[macro_version='2.4.2' +macro_revision='1.3337' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) diff -Nru shibboleth-sp2-2.4.3+dfsg/memcache-store/Makefile.am shibboleth-sp2-2.5.2+dfsg/memcache-store/Makefile.am --- shibboleth-sp2-2.4.3+dfsg/memcache-store/Makefile.am 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/memcache-store/Makefile.am 2013-06-16 19:43:47.000000000 +0000 @@ -1,19 +1,18 @@ AUTOMAKE_OPTIONS = foreign -plugindir = $(libdir)/@PACKAGE@ +plugindir = $(libdir)/@PACKAGE_NAME@ plugin_LTLIBRARIES = memcache-store.la -AM_CFLAGS = $(MEMCACHED_CFLAGS) -AM_CXXFLAGS = $(MEMCACHED_CFLAGS) +AM_CFLAGS = $(MEMCACHED_INCLUDE) +AM_CXXFLAGS = $(MEMCACHED_INCLUDE) +memcache_store_la_LDFLAGS = $(MEMCACHED_LDFLAGS) -module -avoid-version memcache_store_la_LIBADD = $(XMLSEC_LIBS) $(MEMCACHED_LIBS) memcache_store_la_SOURCES = \ memcache-store.cpp -memcache_store_la_LDFLAGS = -module -avoid-version - -install-exec-hook: +install-data-hook: for la in $(plugin_LTLIBRARIES) ; do rm -f $(DESTDIR)$(plugindir)/$$la ; done EXTRA_DIST = memcache-store.vcxproj memcache-store.rc resource.h diff -Nru shibboleth-sp2-2.4.3+dfsg/memcache-store/Makefile.in shibboleth-sp2-2.5.2+dfsg/memcache-store/Makefile.in --- shibboleth-sp2-2.4.3+dfsg/memcache-store/Makefile.in 2011-06-28 01:29:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/memcache-store/Makefile.in 2013-06-16 22:06:20.000000000 +0000 @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. +# Makefile.in generated by automake 1.12.6 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,6 +15,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -35,13 +51,15 @@ build_triplet = @build@ host_triplet = @host@ subdir = memcache-store -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ - $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/doxygen.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/boost.m4 \ + $(top_srcdir)/m4/doxygen.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -70,6 +88,12 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(plugin_LTLIBRARIES) am__DEPENDENCIES_1 = @@ -95,6 +119,11 @@ $(LDFLAGS) -o $@ SOURCES = $(memcache_store_la_SOURCES) DIST_SOURCES = $(memcache_store_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -109,6 +138,9 @@ APXS22 = @APXS22@ APXS22_CFLAGS = @APXS22_CFLAGS@ APXS22_INCLUDE = @APXS22_INCLUDE@ +APXS24 = @APXS24@ +APXS24_CFLAGS = @APXS24_CFLAGS@ +APXS24_INCLUDE = @APXS24_INCLUDE@ APXS2_CFLAGS = @APXS2_CFLAGS@ APXS2_INCLUDE = @APXS2_INCLUDE@ APXS_CFLAGS = @APXS_CFLAGS@ @@ -118,6 +150,8 @@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BOOST_CPPFLAGS = @BOOST_CPPFLAGS@ +BOOST_ROOT = @BOOST_ROOT@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ @@ -130,6 +164,7 @@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DISTCHECK_CONFIGURE_FLAGS = @DISTCHECK_CONFIGURE_FLAGS@ DLLTOOL = @DLLTOOL@ DOXYGEN_PAPER_SIZE = @DOXYGEN_PAPER_SIZE@ DSYMUTIL = @DSYMUTIL@ @@ -277,15 +312,15 @@ top_srcdir = @top_srcdir@ xs = @xs@ AUTOMAKE_OPTIONS = foreign -plugindir = $(libdir)/@PACKAGE@ +plugindir = $(libdir)/@PACKAGE_NAME@ plugin_LTLIBRARIES = memcache-store.la -AM_CFLAGS = $(MEMCACHED_CFLAGS) -AM_CXXFLAGS = $(MEMCACHED_CFLAGS) +AM_CFLAGS = $(MEMCACHED_INCLUDE) +AM_CXXFLAGS = $(MEMCACHED_INCLUDE) +memcache_store_la_LDFLAGS = $(MEMCACHED_LDFLAGS) -module -avoid-version memcache_store_la_LIBADD = $(XMLSEC_LIBS) $(MEMCACHED_LIBS) memcache_store_la_SOURCES = \ memcache-store.cpp -memcache_store_la_LDFLAGS = -module -avoid-version EXTRA_DIST = memcache-store.vcxproj memcache-store.rc resource.h all: all-am @@ -323,7 +358,6 @@ $(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -331,6 +365,8 @@ else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } @@ -346,13 +382,15 @@ clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -memcache-store.la: $(memcache_store_la_OBJECTS) $(memcache_store_la_DEPENDENCIES) + @list='$(plugin_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +memcache-store.la: $(memcache_store_la_OBJECTS) $(memcache_store_la_DEPENDENCIES) $(EXTRA_memcache_store_la_DEPENDENCIES) $(memcache_store_la_LINK) -rpath $(plugindir) $(memcache_store_la_OBJECTS) $(memcache_store_la_LIBADD) $(LIBS) mostlyclean-compile: @@ -439,6 +477,20 @@ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -489,10 +541,15 @@ installcheck: installcheck-am install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi mostlyclean-generic: clean-generic: @@ -528,14 +585,14 @@ info-am: install-data-am: install-pluginLTLIBRARIES - + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-dvi: install-dvi-am install-dvi-am: install-exec-am: - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook + install-html: install-html-am install-html-am: @@ -576,25 +633,25 @@ uninstall-am: uninstall-pluginLTLIBRARIES -.MAKE: install-am install-exec-am install-strip +.MAKE: install-am install-data-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-exec-hook \ - install-html install-html-am install-info install-info-am \ - install-man install-pdf install-pdf-am \ - install-pluginLTLIBRARIES install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags uninstall uninstall-am \ - uninstall-pluginLTLIBRARIES + clean-libtool clean-pluginLTLIBRARIES cscopelist ctags \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-hook install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pluginLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-pluginLTLIBRARIES -install-exec-hook: +install-data-hook: for la in $(plugin_LTLIBRARIES) ; do rm -f $(DESTDIR)$(plugindir)/$$la ; done # Tell versions [3.59,3.63) of GNU make to not export all variables. diff -Nru shibboleth-sp2-2.4.3+dfsg/memcache-store/memcache-store.cpp shibboleth-sp2-2.5.2+dfsg/memcache-store/memcache-store.cpp --- shibboleth-sp2-2.4.3+dfsg/memcache-store/memcache-store.cpp 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/memcache-store/memcache-store.cpp 2012-07-23 20:08:29.000000000 +0000 @@ -56,758 +56,568 @@ using namespace xmltooling::logging; using namespace xmltooling; using namespace xercesc; +using namespace boost; using namespace std; -namespace xmltooling { - static const XMLCh Hosts[] = UNICODE_LITERAL_5(H,o,s,t,s); - static const XMLCh prefix[] = UNICODE_LITERAL_6(p,r,e,f,i,x); - static const XMLCh buildMap[] = UNICODE_LITERAL_8(b,u,i,l,d,M,a,p); - static const XMLCh sendTimeout[] = UNICODE_LITERAL_11(s,e,n,d,T,i,m,e,o,u,t); - static const XMLCh recvTimeout[] = UNICODE_LITERAL_11(r,e,c,v,T,i,m,e,o,u,t); - static const XMLCh pollTimeout[] = UNICODE_LITERAL_11(p,o,l,l,T,i,m,e,o,u,t); - static const XMLCh failLimit[] = UNICODE_LITERAL_9(f,a,i,l,L,i,m,i,t); - static const XMLCh retryTimeout[] = UNICODE_LITERAL_12(r,e,t,r,y,T,i,m,e,o,u,t); - static const XMLCh nonBlocking[] = UNICODE_LITERAL_11(n,o,n,B,l,o,c,k,i,n,g); - - class mc_record { - public: - string value; - time_t expiration; - mc_record(){}; - mc_record(string _v, time_t _e) : - value(_v), expiration(_e) - {} - }; - - class MemcacheBase { - public: - MemcacheBase(const DOMElement* e); - ~MemcacheBase(); +namespace { + static const XMLCh Hosts[] = UNICODE_LITERAL_5(H,o,s,t,s); + static const XMLCh prefix[] = UNICODE_LITERAL_6(p,r,e,f,i,x); + static const XMLCh buildMap[] = UNICODE_LITERAL_8(b,u,i,l,d,M,a,p); + static const XMLCh sendTimeout[] = UNICODE_LITERAL_11(s,e,n,d,T,i,m,e,o,u,t); + static const XMLCh recvTimeout[] = UNICODE_LITERAL_11(r,e,c,v,T,i,m,e,o,u,t); + static const XMLCh pollTimeout[] = UNICODE_LITERAL_11(p,o,l,l,T,i,m,e,o,u,t); + static const XMLCh failLimit[] = UNICODE_LITERAL_9(f,a,i,l,L,i,m,i,t); + static const XMLCh retryTimeout[] = UNICODE_LITERAL_12(r,e,t,r,y,T,i,m,e,o,u,t); + static const XMLCh nonBlocking[] = UNICODE_LITERAL_11(n,o,n,B,l,o,c,k,i,n,g); + + class mc_record { + public: + string value; + time_t expiration; + mc_record() {}; + mc_record(string _v, time_t _e) : value(_v), expiration(_e) {} + }; + + class MemcacheBase { + public: + MemcacheBase(const DOMElement* e); + ~MemcacheBase(); - bool addMemcache(const char *key, - string &value, - time_t timeout, - uint32_t flags, - bool use_prefix = true); - bool setMemcache(const char *key, - string &value, - time_t timeout, - uint32_t flags, - bool use_prefix = true); - bool replaceMemcache(const char *key, - string &value, - time_t timeout, - uint32_t flags, - bool use_prefix = true); - bool getMemcache(const char *key, - string &dest, - uint32_t *flags, - bool use_prefix = true); - bool deleteMemcache(const char *key, - time_t timeout, - bool use_prefix = true); - - void serialize(mc_record &source, string &dest); - void serialize(list &source, string &dest); - void deserialize(string &source, mc_record &dest); - void deserialize(string &source, list &dest); - - bool addSessionToUser(string &key, string &user); - bool addLock(string what, bool use_prefix = true); - void deleteLock(string what, bool use_prefix = true); - - protected: - const DOMElement* m_root; // can only use this during initialization - Category& log; - memcached_st *memc; - string m_prefix; - Mutex* m_lock; - }; + bool addMemcache(const char* key, string &value, time_t timeout, uint32_t flags, bool use_prefix = true); + bool setMemcache(const char* key, string &value, time_t timeout, uint32_t flags, bool use_prefix = true); + bool replaceMemcache(const char* key, string &value, time_t timeout, uint32_t flags, bool use_prefix = true); + bool getMemcache(const char* key, string &dest, uint32_t *flags, bool use_prefix = true); + bool deleteMemcache(const char* key, time_t timeout, bool use_prefix = true); + + void serialize(mc_record &source, string &dest); + void serialize(list &source, string &dest); + void deserialize(string &source, mc_record &dest); + void deserialize(string &source, list &dest); + + bool addLock(string what, bool use_prefix = true); + void deleteLock(string what, bool use_prefix = true); + + protected: + Category& m_log; + memcached_st* memc; + string m_prefix; + scoped_ptr m_lock; + + private: + bool handleError(const char*, memcached_return) const; + }; - class MemcacheStorageService : public StorageService, public MemcacheBase { + class MemcacheStorageService : public StorageService, public MemcacheBase { - public: - MemcacheStorageService(const DOMElement* e); - ~MemcacheStorageService(); - - bool createString(const char* context, const char* key, const char* value, time_t expiration); - int readString(const char* context, const char* key, string* pvalue=nullptr, time_t* pexpiration=nullptr, int version=0); - int updateString(const char* context, const char* key, const char* value=nullptr, time_t expiration=0, int version=0); - bool deleteString(const char* context, const char* key); + public: + MemcacheStorageService(const DOMElement* e); + ~MemcacheStorageService() {} + + const Capabilities& getCapabilities() const { + return m_caps; + } + + bool createString(const char* context, const char* key, const char* value, time_t expiration); + int readString(const char* context, const char* key, string* pvalue=nullptr, time_t* pexpiration=nullptr, int version=0); + int updateString(const char* context, const char* key, const char* value=nullptr, time_t expiration=0, int version=0); + bool deleteString(const char* context, const char* key); + + bool createText(const char* context, const char* key, const char* value, time_t expiration) { + return createString(context, key, value, expiration); + } + int readText(const char* context, const char* key, string* pvalue=nullptr, time_t* pexpiration=nullptr, int version=0) { + return readString(context, key, pvalue, pexpiration, version); + } + int updateText(const char* context, const char* key, const char* value=nullptr, time_t expiration=0, int version=0) { + return updateString(context, key, value, expiration, version); + } + bool deleteText(const char* context, const char* key) { + return deleteString(context, key); + } - bool createText(const char* context, const char* key, const char* value, time_t expiration) { - return createString(context, key, value, expiration); - } - int readText(const char* context, const char* key, string* pvalue=nullptr, time_t* pexpiration=nullptr, int version=0) { - return readString(context, key, pvalue, pexpiration, version); - } - int updateText(const char* context, const char* key, const char* value=nullptr, time_t expiration=0, int version=0) { - return updateString(context, key, value, expiration, version); - } - bool deleteText(const char* context, const char* key) { - return deleteString(context, key); - } - - void reap(const char* context) {} + void reap(const char* context) {} - void updateContext(const char* context, time_t expiration); - void deleteContext(const char* context); + void updateContext(const char* context, time_t expiration); + void deleteContext(const char* context); private: + Capabilities m_caps; + bool m_buildMap; + }; - Category& m_log; - bool m_buildMap; - - - }; - - StorageService* MemcacheStorageServiceFactory(const DOMElement* const & e) { - return new MemcacheStorageService(e); - } - + StorageService* MemcacheStorageServiceFactory(const DOMElement* const & e) { + return new MemcacheStorageService(e); + } }; -bool MemcacheBase::addLock(string what, bool use_prefix) { - string lock_name = what + ":LOCK"; - string set_val = "1"; - unsigned tries = 5; - while (!addMemcache(lock_name.c_str(), set_val, 5, 0, use_prefix)) { - if (tries-- == 0) { - log.debug("Unable to get lock %s... FAILED.", lock_name.c_str()); - return false; +MemcacheBase::MemcacheBase(const DOMElement* e) + : m_log(Category::getInstance("XMLTooling.StorageService.MEMCACHE")), memc(nullptr), + m_prefix(XMLHelper::getAttrString(e, nullptr, prefix)), m_lock(Mutex::create()) +{ + memc = memcached_create(nullptr); + if (!memc) + throw XMLToolingException("MemcacheBase::Memcache(): memcached_create() failed"); + m_log.debug("Memcache created"); + + memcached_behavior_set(memc, MEMCACHED_BEHAVIOR_HASH, MEMCACHED_HASH_CRC); + m_log.debug("CRC hash set"); + + int prop = XMLHelper::getAttrInt(e, 999999, sendTimeout); + m_log.debug("MEMCACHED_BEHAVIOR_SND_TIMEOUT will be set to %d", prop); + memcached_behavior_set(memc, MEMCACHED_BEHAVIOR_SND_TIMEOUT, prop); + + prop = XMLHelper::getAttrInt(e, 999999, recvTimeout); + m_log.debug("MEMCACHED_BEHAVIOR_RCV_TIMEOUT will be set to %d", prop); + memcached_behavior_set(memc, MEMCACHED_BEHAVIOR_RCV_TIMEOUT, prop); + + prop = XMLHelper::getAttrInt(e, 1000, pollTimeout); + m_log.debug("MEMCACHED_BEHAVIOR_POLL_TIMEOUT will be set to %d", prop); + memcached_behavior_set(memc, MEMCACHED_BEHAVIOR_POLL_TIMEOUT, prop); + + prop = XMLHelper::getAttrInt(e, 5, failLimit); + m_log.debug("MEMCACHED_BEHAVIOR_SERVER_FAILURE_LIMIT will be set to %d", prop); + memcached_behavior_set(memc, MEMCACHED_BEHAVIOR_SERVER_FAILURE_LIMIT, prop); + + prop = XMLHelper::getAttrInt(e, 30, retryTimeout); + m_log.debug("MEMCACHED_BEHAVIOR_RETRY_TIMEOUT will be set to %d", prop); + memcached_behavior_set(memc, MEMCACHED_BEHAVIOR_RETRY_TIMEOUT, prop); + + prop = XMLHelper::getAttrInt(e, 1, nonBlocking); + m_log.debug("MEMCACHED_BEHAVIOR_NO_BLOCK will be set to %d", prop); + memcached_behavior_set(memc, MEMCACHED_BEHAVIOR_NO_BLOCK, prop); + + // Grab hosts from the configuration. + e = e ? XMLHelper::getFirstChildElement(e, Hosts) : nullptr; + if (!e || !e->hasChildNodes()) { + memcached_free(memc); + throw XMLToolingException("Memcache StorageService requires Hosts element in configuration."); + } + auto_ptr_char h(e->getTextContent()); + m_log.debug("INIT: GOT Hosts: %s", h.get()); + memcached_server_st* servers; + servers = memcached_servers_parse(const_cast(h.get())); + m_log.debug("Got %u hosts.", memcached_server_list_count(servers)); + if (memcached_server_push(memc, servers) != MEMCACHED_SUCCESS) { + memcached_server_list_free(servers); + memcached_free(memc); + throw IOException("MemcacheBase: memcached_server_push() failed"); + } + memcached_server_list_free(servers); + + m_log.debug("Memcache object initialized"); +} + +MemcacheBase::~MemcacheBase() +{ + memcached_free(memc); + m_log.debug("Base object destroyed"); +} + + +bool MemcacheBase::handleError(const char* fn, memcached_return rv) const +{ +#ifdef HAVE_MEMCACHED_LAST_ERROR_MESSAGE + string error = string("Memcache::") + fn + ": " + memcached_last_error_message(memc); +#else + string error; + if (rv == MEMCACHED_ERRNO) { + // System error + error = string("Memcache::") + fn + "SYSTEM ERROR: " + strerror(memc->cached_errno); + } + else { + error = string("Memcache::") + fn + " Problems: " + memcached_strerror(memc, rv); } - log.debug("Unable to get lock %s... Retrying.", lock_name.c_str()); +#endif + m_log.error(error); + throw IOException(error); +} + +bool MemcacheBase::addLock(string what, bool use_prefix) +{ + string lock_name = what + ":LOCK"; + string set_val = "1"; + unsigned tries = 5; + while (!addMemcache(lock_name.c_str(), set_val, 5, 0, use_prefix)) { + if (tries-- == 0) { + m_log.debug("Unable to get lock %s... FAILED.", lock_name.c_str()); + return false; + } + m_log.debug("Unable to get lock %s... Retrying.", lock_name.c_str()); - // sleep 100ms + // sleep 100ms #ifdef WIN32 - Sleep(100); + Sleep(100); #else - struct timeval tv = { 0, 100000 }; - select(0, 0, 0, 0, &tv); + struct timeval tv = { 0, 100000 }; + select(0, 0, 0, 0, &tv); #endif - } - return true; + } + return true; } -void MemcacheBase::deleteLock(string what, bool use_prefix) { - - string lock_name = what + ":LOCK"; - deleteMemcache(lock_name.c_str(), 0, use_prefix); - return; +void MemcacheBase::deleteLock(string what, bool use_prefix) +{ + string lock_name = what + ":LOCK"; + deleteMemcache(lock_name.c_str(), 0, use_prefix); + return; } -void MemcacheBase::deserialize(string &source, mc_record &dest) { - istringstream is(source, stringstream::in | stringstream::out); - is >> dest.expiration; - is.ignore(1); // ignore delimiter - dest.value = is.str().c_str() + is.tellg(); -} - -void MemcacheBase::deserialize(string &source, list &dest) { - istringstream is(source, stringstream::in | stringstream::out); - while (!is.eof()) { - string s; - is >> s; - dest.push_back(s); - } -} - -void MemcacheBase::serialize(mc_record &source, string &dest) { - ostringstream os(stringstream::in | stringstream::out); - os << source.expiration; - os << "-"; // delimiter - os << source.value; - dest = os.str(); -} - -void MemcacheBase::serialize(list &source, string &dest) { - ostringstream os(stringstream::in | stringstream::out); - for(list::iterator iter = source.begin(); iter != source.end(); iter++) { - if (iter != source.begin()) { - os << endl; - } - os << *iter; - } - dest = os.str(); -} - -bool MemcacheBase::addSessionToUser(string &key, string &user) { - - if (! addLock(user, false)) { - return false; - } - - // Aquired lock - - string sessid = m_prefix + key; // add specific prefix to session - string delimiter = ";"; - string user_key = "UDATA:"; - user_key += user; - string user_val; - uint32_t flags; - bool result = getMemcache(user_key.c_str(), user_val, &flags, false); - - if (result) { - bool already_there = false; - // skip delimiters at beginning. - string::size_type lastPos = user_val.find_first_not_of(delimiter, 0); - - // find first "non-delimiter". - string::size_type pos = user_val.find_first_of(delimiter, lastPos); - - while (string::npos != pos || string::npos != lastPos) { - // found a token, add it to the vector. - string session = user_val.substr(lastPos, pos - lastPos); - if (strcmp(session.c_str(), sessid.c_str()) == 0) { - already_there = true; - break; - } - - // skip delimiters. Note the "not_of" - lastPos = user_val.find_first_not_of(delimiter, pos); - - // find next "non-delimiter" - pos = user_val.find_first_of(delimiter, lastPos); +void MemcacheBase::deserialize(string& source, mc_record& dest) +{ + istringstream is(source, stringstream::in | stringstream::out); + is >> dest.expiration; + is.ignore(1); // ignore delimiter + dest.value = is.str().c_str() + is.tellg(); +} + +void MemcacheBase::deserialize(string& source, list& dest) +{ + istringstream is(source, stringstream::in | stringstream::out); + while (!is.eof()) { + string s; + is >> s; + dest.push_back(s); + } +} + +void MemcacheBase::serialize(mc_record& source, string& dest) +{ + ostringstream os(stringstream::in | stringstream::out); + os << source.expiration; + os << "-"; // delimiter + os << source.value; + dest = os.str(); +} + +void MemcacheBase::serialize(list& source, string& dest) +{ + ostringstream os(stringstream::in | stringstream::out); + for(list::iterator iter = source.begin(); iter != source.end(); iter++) { + if (iter != source.begin()) { + os << endl; + } + os << *iter; + } + dest = os.str(); +} + +bool MemcacheBase::deleteMemcache(const char* key, time_t timeout, bool use_prefix) +{ + string final_key; + if (use_prefix) + final_key = m_prefix + key; + else + final_key = key; + + Lock lock(m_lock); + memcached_return rv = memcached_delete(memc, const_cast(final_key.c_str()), final_key.length(), timeout); + + switch (rv) { + case MEMCACHED_SUCCESS: + return true; + case MEMCACHED_NOTFOUND: + // Key wasn't there... No biggie. + return false; + default: + return handleError("deleteMemcache", rv); + } +} + +bool MemcacheBase::getMemcache(const char* key, string& dest, uint32_t* flags, bool use_prefix) +{ + string final_key; + if (use_prefix) + final_key = m_prefix + key; + else + final_key = key; + + Lock lock(m_lock); + size_t len; + memcached_return rv; + char* result = memcached_get(memc, const_cast(final_key.c_str()), final_key.length(), &len, flags, &rv); + + switch (rv) { + case MEMCACHED_SUCCESS: + dest = result; + free(result); + return true; + case MEMCACHED_NOTFOUND: + m_log.debug("Key %s not found in memcache...", key); + return false; + default: + return handleError("getMemcache", rv); + } +} + +bool MemcacheBase::addMemcache(const char* key, string& value, time_t timeout, uint32_t flags, bool use_prefix) +{ + string final_key; + if (use_prefix) + final_key = m_prefix + key; + else + final_key = key; + + Lock lock(m_lock); + memcached_return rv = memcached_add( + memc, const_cast(final_key.c_str()), final_key.length(), const_cast(value.c_str()), value.length(), timeout, flags + ); + + switch (rv) { + case MEMCACHED_SUCCESS: + return true; + case MEMCACHED_NOTSTORED: + return false; + default: + return handleError("addMemcache", rv); + } +} + +bool MemcacheBase::setMemcache(const char* key, string& value, time_t timeout, uint32_t flags, bool use_prefix) +{ + string final_key; + if (use_prefix) + final_key = m_prefix + key; + else + final_key = key; + + Lock lock(m_lock); + memcached_return rv = memcached_set( + memc, const_cast(final_key.c_str()), final_key.length(), const_cast(value.c_str()), value.length(), timeout, flags + ); + + if (rv == MEMCACHED_SUCCESS) + return true; + return handleError("setMemcache", rv); +} + +bool MemcacheBase::replaceMemcache(const char* key, string& value, time_t timeout, uint32_t flags, bool use_prefix) +{ + + string final_key; + if (use_prefix) + final_key = m_prefix + key; + else + final_key = key; + + Lock lock(m_lock); + memcached_return rv = memcached_replace( + memc, const_cast(final_key.c_str()), final_key.length(), const_cast(value.c_str()), value.length(), timeout, flags + ); + + switch (rv) { + case MEMCACHED_SUCCESS: + return true; + case MEMCACHED_NOTSTORED: + // not there + return false; + default: + return handleError("replaceMemcache", rv); } - - if (!already_there) { - user_val += delimiter + sessid; - replaceMemcache(user_key.c_str(), user_val, 0, 0, false); - } - } else { - addMemcache(user_key.c_str(), sessid, 0, 0, false); - } - - deleteLock(user, false); - return true; - } -bool MemcacheBase::deleteMemcache(const char *key, - time_t timeout, - bool use_prefix) { - memcached_return rv; - string final_key; - bool success; - - if (use_prefix) { - final_key = m_prefix + key; - } else { - final_key = key; - } - - m_lock->lock(); - rv = memcached_delete(memc, (char *)final_key.c_str(), final_key.length(), timeout); - m_lock->unlock(); - - if (rv == MEMCACHED_SUCCESS) { - success = true; - } else if (rv == MEMCACHED_NOTFOUND) { - // Key wasn't there... No biggie. - success = false; - } else if (rv == MEMCACHED_ERRNO) { - // System error - string error = string("Memcache::deleteMemcache() SYSTEM ERROR: ") + string(strerror(memc->cached_errno)); - log.error(error); - throw IOException(error); - } else { - string error = string("Memcache::deleteMemcache() Problems: ") + memcached_strerror(memc, rv); - log.error(error); - throw IOException(error); - } - - return success; -} - -bool MemcacheBase::getMemcache(const char *key, - string &dest, - uint32_t *flags, - bool use_prefix) { - memcached_return rv; - size_t len; - char *result; - string final_key; - bool success; - - if (use_prefix) { - final_key = m_prefix + key; - } else { - final_key = key; - } - - m_lock->lock(); - result = memcached_get(memc, (char *)final_key.c_str(), final_key.length(), &len, flags, &rv); - m_lock->unlock(); - - if (rv == MEMCACHED_SUCCESS) { - dest = result; - free(result); - success = true; - } else if (rv == MEMCACHED_NOTFOUND) { - log.debug("Key %s not found in memcache...", key); - success = false; - } else if (rv == MEMCACHED_ERRNO) { - // System error - string error = string("Memcache::getMemcache() SYSTEM ERROR: ") + string(strerror(memc->cached_errno)); - log.error(error); - throw IOException(error); - } else { - string error = string("Memcache::getMemcache() Problems: ") + memcached_strerror(memc, rv); - log.error(error); - throw IOException(error); - } - - return success; -} - -bool MemcacheBase::addMemcache(const char *key, - string &value, - time_t timeout, - uint32_t flags, - bool use_prefix) { - - memcached_return rv; - string final_key; - bool success; - - if (use_prefix) { - final_key = m_prefix + key; - } else { - final_key = key; - } - - m_lock->lock(); - rv = memcached_add(memc, (char *)final_key.c_str(), final_key.length(), (char *)value.c_str(), value.length(), timeout, flags); - m_lock->unlock(); - - if (rv == MEMCACHED_SUCCESS) { - success = true; - } else if (rv == MEMCACHED_NOTSTORED) { - // already there - success = false; - } else if (rv == MEMCACHED_ERRNO) { - // System error - string error = string("Memcache::addMemcache() SYSTEM ERROR: ") + string(strerror(memc->cached_errno)); - log.error(error); - throw IOException(error); - } else { - string error = string("Memcache::addMemcache() Problems: ") + memcached_strerror(memc, rv); - log.error(error); - throw IOException(error); - } - - return success; -} - -bool MemcacheBase::setMemcache(const char *key, - string &value, - time_t timeout, - uint32_t flags, - bool use_prefix) { - - memcached_return rv; - string final_key; - bool success; - - if (use_prefix) { - final_key = m_prefix + key; - } else { - final_key = key; - } - - m_lock->lock(); - rv = memcached_set(memc, (char *)final_key.c_str(), final_key.length(), (char *)value.c_str(), value.length(), timeout, flags); - m_lock->unlock(); - - if (rv == MEMCACHED_SUCCESS) { - success = true; - } else if (rv == MEMCACHED_ERRNO) { - // System error - string error = string("Memcache::setMemcache() SYSTEM ERROR: ") + string(strerror(memc->cached_errno)); - log.error(error); - throw IOException(error); - } else { - string error = string("Memcache::setMemcache() Problems: ") + memcached_strerror(memc, rv); - log.error(error); - throw IOException(error); - } - - return success; -} - -bool MemcacheBase::replaceMemcache(const char *key, - string &value, - time_t timeout, - uint32_t flags, - bool use_prefix) { - - memcached_return rv; - string final_key; - bool success; - - if (use_prefix) { - final_key = m_prefix + key; - } else { - final_key = key; - } - - m_lock->lock(); - rv = memcached_replace(memc, (char *)final_key.c_str(), final_key.length(), (char *)value.c_str(), value.length(), timeout, flags); - m_lock->unlock(); - - if (rv == MEMCACHED_SUCCESS) { - success = true; - } else if (rv == MEMCACHED_NOTSTORED) { - // not there - success = false; - } else if (rv == MEMCACHED_ERRNO) { - // System error - string error = string("Memcache::replaceMemcache() SYSTEM ERROR: ") + string(strerror(memc->cached_errno)); - log.error(error); - throw IOException(error); - } else { - string error = string("Memcache::replaceMemcache() Problems: ") + memcached_strerror(memc, rv); - log.error(error); - throw IOException(error); - } - - return success; -} - -MemcacheBase::MemcacheBase(const DOMElement* e) : m_root(e), log(Category::getInstance("XMLTooling.MemcacheBase")), m_prefix("") { - - auto_ptr_char p(e ? e->getAttributeNS(nullptr,prefix) : nullptr); - if (p.get() && *p.get()) { - log.debug("INIT: GOT key prefix: %s", p.get()); - m_prefix = p.get(); - } - - m_lock = Mutex::create(); - log.debug("Lock created"); - - memc = memcached_create(nullptr); - if (memc == nullptr) { - throw XMLToolingException("MemcacheBase::Memcache(): memcached_create() failed"); - } - - log.debug("Memcache created"); - - unsigned int hash = MEMCACHED_HASH_CRC; - memcached_behavior_set(memc, MEMCACHED_BEHAVIOR_HASH, hash); - log.debug("CRC hash set"); - - int32_t send_timeout = 999999; - const XMLCh* tag = e ? e->getAttributeNS(nullptr, sendTimeout) : nullptr; - if (tag && *tag) { - send_timeout = XMLString::parseInt(tag); - } - log.debug("MEMCACHED_BEHAVIOR_SND_TIMEOUT will be set to %d", send_timeout); - memcached_behavior_set(memc, MEMCACHED_BEHAVIOR_SND_TIMEOUT, send_timeout); - - int32_t recv_timeout = 999999; - tag = e ? e->getAttributeNS(nullptr, sendTimeout) : nullptr; - if (tag && *tag) { - recv_timeout = XMLString::parseInt(tag); - } - log.debug("MEMCACHED_BEHAVIOR_RCV_TIMEOUT will be set to %d", recv_timeout); - memcached_behavior_set(memc, MEMCACHED_BEHAVIOR_RCV_TIMEOUT, recv_timeout); - - int32_t poll_timeout = 1000; - tag = e ? e->getAttributeNS(nullptr, pollTimeout) : nullptr; - if (tag && *tag) { - poll_timeout = XMLString::parseInt(tag); - } - log.debug("MEMCACHED_BEHAVIOR_POLL_TIMEOUT will be set to %d", poll_timeout); - memcached_behavior_set(memc, MEMCACHED_BEHAVIOR_POLL_TIMEOUT, poll_timeout); - - int32_t fail_limit = 5; - tag = e ? e->getAttributeNS(nullptr, failLimit) : nullptr; - if (tag && *tag) { - fail_limit = XMLString::parseInt(tag); - } - log.debug("MEMCACHED_BEHAVIOR_SERVER_FAILURE_LIMIT will be set to %d", fail_limit); - memcached_behavior_set(memc, MEMCACHED_BEHAVIOR_SERVER_FAILURE_LIMIT, fail_limit); - - int32_t retry_timeout = 30; - tag = e ? e->getAttributeNS(nullptr, retryTimeout) : nullptr; - if (tag && *tag) { - retry_timeout = XMLString::parseInt(tag); - } - log.debug("MEMCACHED_BEHAVIOR_RETRY_TIMEOUT will be set to %d", retry_timeout); - memcached_behavior_set(memc, MEMCACHED_BEHAVIOR_RETRY_TIMEOUT, retry_timeout); - - int32_t nonblock_set = 1; - tag = e ? e->getAttributeNS(nullptr, nonBlocking) : nullptr; - if (tag && *tag) { - nonblock_set = XMLString::parseInt(tag); - } - log.debug("MEMCACHED_BEHAVIOR_NO_BLOCK will be set to %d", nonblock_set); - memcached_behavior_set(memc, MEMCACHED_BEHAVIOR_NO_BLOCK, nonblock_set); - - // Grab hosts from the configuration. - e = e ? XMLHelper::getFirstChildElement(e,Hosts) : nullptr; - if (!e || !e->hasChildNodes()) { - throw XMLToolingException("Memcache StorageService requires Hosts element in configuration."); - } - auto_ptr_char h(e->getFirstChild()->getNodeValue()); - log.debug("INIT: GOT Hosts: %s", h.get()); - memcached_server_st *servers; - servers = memcached_servers_parse(const_cast(h.get())); - log.debug("Got %u hosts.", memcached_server_list_count(servers)); - if (memcached_server_push(memc, servers) != MEMCACHED_SUCCESS) { - throw IOException("MemcacheBase::Memcache(): memcached_server_push() failed"); - } - memcached_server_list_free(servers); - - log.debug("Memcache object initialized"); -} - -MemcacheBase::~MemcacheBase() { - memcached_free(memc); - delete m_lock; - log.debug("Base object destroyed"); -} MemcacheStorageService::MemcacheStorageService(const DOMElement* e) - : MemcacheBase(e), m_log(Category::getInstance("XMLTooling.MemcacheStorageService")), m_buildMap(false) { - - const XMLCh* tag=e ? e->getAttributeNS(nullptr,buildMap) : nullptr; - if (tag && *tag && XMLString::parseInt(tag) != 0) { - m_buildMap = true; + : MemcacheBase(e), m_caps(80, 250 - m_prefix.length() - 1 - 80, 255), + m_buildMap(XMLHelper::getAttrBool(e, false, buildMap)) +{ + if (m_buildMap) m_log.debug("Cache built with buildMap ON"); - } - -} - -MemcacheStorageService::~MemcacheStorageService() { - - } -bool MemcacheStorageService::createString(const char* context, const char* key, const char* value, time_t expiration) { +bool MemcacheStorageService::createString(const char* context, const char* key, const char* value, time_t expiration) +{ + m_log.debug("createString ctx: %s - key: %s", context, key); + + string final_key = string(context) + ":" + string(key); + + mc_record rec(value, expiration); + string final_value; + serialize(rec, final_value); + + bool result = addMemcache(final_key.c_str(), final_value, expiration, 1); // the flag will be the version + + if (result && m_buildMap) { + m_log.debug("Got result, updating map"); + + string map_name = context; + // we need to update the context map + if (!addLock(map_name)) { + m_log.error("Unable to get lock for context %s!", context); + deleteMemcache(final_key.c_str(), 0); + return false; + } + + string ser_arr; + uint32_t flags; + bool result = getMemcache(map_name.c_str(), ser_arr, &flags); + + list contents; + if (result) { + m_log.debug("Match found. Parsing..."); + deserialize(ser_arr, contents); + if (m_log.isDebugEnabled()) { + m_log.debug("Iterating retrieved session map..."); + for(list::const_iterator iter = contents.begin(); iter != contents.end(); ++iter) + m_log.debug("value = %s", iter->c_str()); + } + } + else { + m_log.debug("New context: %s", map_name.c_str()); + } + + contents.push_back(key); + serialize(contents, ser_arr); + setMemcache(map_name.c_str(), ser_arr, expiration, 0); + deleteLock(map_name); + } + return result; +} + +int MemcacheStorageService::readString(const char* context, const char* key, string* pvalue, time_t* pexpiration, int version) +{ + m_log.debug("readString ctx: %s - key: %s", context, key); - log.debug("createString ctx: %s - key: %s", context, key); - - string final_key = string(context) + ":" + string(key); - - mc_record rec(value, expiration); - string final_value; - serialize(rec, final_value); - - bool result = addMemcache(final_key.c_str(), final_value, expiration, 1); // the flag will be the version - - if (result && m_buildMap) { - log.debug("Got result, updating map"); + string final_key = string(context) + ":" + string(key); + uint32_t rec_version; + string value; - string map_name = context; - // we need to update the context map - if (! addLock(map_name)) { - log.error("Unable to get lock for context %s!", context); - deleteMemcache(final_key.c_str(), 0); - return false; + if (m_buildMap) { + m_log.debug("Checking context"); + string map_name = context; + string ser_arr; + uint32_t flags; + bool ctx_found = getMemcache(map_name.c_str(), ser_arr, &flags); + if (!ctx_found) + return 0; } - string ser_arr; - uint32_t flags; - bool result = getMemcache(map_name.c_str(), ser_arr, &flags); - - list contents; - if (result) { - log.debug("Match found. Parsing..."); - - deserialize(ser_arr, contents); - - log.debug("Iterating retrieved session map..."); - list::iterator iter; - for(iter = contents.begin(); - iter != contents.end(); - iter++) { - log.debug("value = " + *iter); - } - - } else { - log.debug("New context: %s", map_name.c_str()); + bool found = getMemcache(final_key.c_str(), value, &rec_version); + if (!found) + return 0; - } + if (version && rec_version <= (uint32_t)version) + return version; - contents.push_back(key); - serialize(contents, ser_arr); - setMemcache(map_name.c_str(), ser_arr, expiration, 0); + if (pexpiration || pvalue) { + mc_record rec; + deserialize(value, rec); - deleteLock(map_name); - } - - return result; - -} - -int MemcacheStorageService::readString(const char* context, const char* key, string* pvalue, time_t* pexpiration, int version) { - - log.debug("readString ctx: %s - key: %s", context, key); - - string final_key = string(context) + ":" + string(key); - uint32_t rec_version; - string value; - - if (m_buildMap) { - log.debug("Checking context"); - - string map_name = context; - string ser_arr; - uint32_t flags; - bool ctx_found = getMemcache(map_name.c_str(), ser_arr, &flags); - - if (!ctx_found) { - return 0; - } - } - - bool found = getMemcache(final_key.c_str(), value, &rec_version); - if (!found) { - return 0; - } - - if (version && rec_version <= (uint32_t)version) { - return version; - } - - if (pexpiration || pvalue) { - mc_record rec; - deserialize(value, rec); + if (pexpiration) + *pexpiration = rec.expiration; - if (pexpiration) { - *pexpiration = rec.expiration; + if (pvalue) + *pvalue = rec.value; } - - if (pvalue) { - *pvalue = rec.value; - } - } - return rec_version; - + return rec_version; } -int MemcacheStorageService::updateString(const char* context, const char* key, const char* value, time_t expiration, int version) { - - log.debug("updateString ctx: %s - key: %s", context, key); - - time_t final_exp = expiration; - time_t *want_expiration = nullptr; - if (! final_exp) { - want_expiration = &final_exp; - } +int MemcacheStorageService::updateString(const char* context, const char* key, const char* value, time_t expiration, int version) +{ + m_log.debug("updateString ctx: %s - key: %s", context, key); - int read_res = readString(context, key, nullptr, want_expiration, version); + time_t final_exp = expiration; + time_t* want_expiration = nullptr; + if (!final_exp) + want_expiration = &final_exp; - if (!read_res) { - // not found - return read_res; - } + int read_res = readString(context, key, nullptr, want_expiration, version); - if (version && version != read_res) { - // version incorrect - return -1; - } + if (!read_res) { + // not found + return read_res; + } - // Proceding with update - string final_key = string(context) + ":" + string(key); - mc_record rec(value, final_exp); - string final_value; - serialize(rec, final_value); + if (version && version != read_res) { + // version incorrect + return -1; + } - replaceMemcache(final_key.c_str(), final_value, final_exp, ++version); - return version; + // Proceding with update + string final_key = string(context) + ":" + string(key); + mc_record rec(value, final_exp); + string final_value; + serialize(rec, final_value); + replaceMemcache(final_key.c_str(), final_value, final_exp, ++version); + return version; } -bool MemcacheStorageService::deleteString(const char* context, const char* key) { - - log.debug("deleteString ctx: %s - key: %s", context, key); +bool MemcacheStorageService::deleteString(const char* context, const char* key) +{ + m_log.debug("deleteString ctx: %s - key: %s", context, key); - string final_key = string(context) + ":" + string(key); - - // Not updating context map, if there is one. There is no need. - - return deleteMemcache(final_key.c_str(), 0); + string final_key = string(context) + ":" + string(key); + // Not updating context map, if there is one. There is no need. + return deleteMemcache(final_key.c_str(), 0); } -void MemcacheStorageService::updateContext(const char* context, time_t expiration) { +void MemcacheStorageService::updateContext(const char* context, time_t expiration) +{ - log.debug("updateContext ctx: %s", context); + m_log.debug("updateContext ctx: %s", context); - if (!m_buildMap) { - log.error("updateContext invoked on a Storage with no context map built!"); - return; - } + if (!m_buildMap) { + m_log.error("updateContext invoked on a Storage with no context map built!"); + return; + } - string map_name = context; - string ser_arr; - uint32_t flags; - bool result = getMemcache(map_name.c_str(), ser_arr, &flags); + string map_name = context; + string ser_arr; + uint32_t flags; + bool result = getMemcache(map_name.c_str(), ser_arr, &flags); - list contents; - if (result) { - log.debug("Match found. Parsing..."); - - deserialize(ser_arr, contents); + list contents; + if (result) { + m_log.debug("Match found. Parsing..."); + deserialize(ser_arr, contents); - log.debug("Iterating retrieved session map..."); - list::iterator iter; - for(iter = contents.begin(); - iter != contents.end(); - iter++) { - - // Update expiration times - string value; - int read_res = readString(context, iter->c_str(), &value, nullptr, 0); - - if (!read_res) { - // not found - continue; - } + m_log.debug("Iterating retrieved session map..."); + for(list::const_iterator iter = contents.begin(); iter != contents.end(); ++iter) { + // Update expiration times + string value; + int read_res = readString(context, iter->c_str(), &value, nullptr, 0); + if (!read_res) { + // not found + continue; + } - updateString(context, iter->c_str(), value.c_str(), expiration, read_res); + updateString(context, iter->c_str(), value.c_str(), expiration, read_res); + } + replaceMemcache(map_name.c_str(), ser_arr, expiration, flags); } - replaceMemcache(map_name.c_str(), ser_arr, expiration, flags); - } - } -void MemcacheStorageService::deleteContext(const char* context) { +void MemcacheStorageService::deleteContext(const char* context) +{ - log.debug("deleteContext ctx: %s", context); + m_log.debug("deleteContext ctx: %s", context); - if (!m_buildMap) { - log.error("deleteContext invoked on a Storage with no context map built!"); - return; - } + if (!m_buildMap) { + m_log.error("deleteContext invoked on a Storage with no context map built!"); + return; + } - string map_name = context; - string ser_arr; - uint32_t flags; - bool result = getMemcache(map_name.c_str(), ser_arr, &flags); + string map_name = context; + string ser_arr; + uint32_t flags; + bool result = getMemcache(map_name.c_str(), ser_arr, &flags); - list contents; - if (result) { - log.debug("Match found. Parsing..."); + list contents; + if (result) { + m_log.debug("Match found. Parsing..."); + deserialize(ser_arr, contents); - deserialize(ser_arr, contents); + m_log.debug("Iterating retrieved session map..."); + for (list::const_iterator iter = contents.begin(); iter != contents.end(); ++iter) { + string final_key = map_name + *iter; + deleteMemcache(final_key.c_str(), 0); + } - log.debug("Iterating retrieved session map..."); - list::iterator iter; - for(iter = contents.begin(); - iter != contents.end(); - iter++) { - string final_key = map_name + *iter; - deleteMemcache(final_key.c_str(), 0); + deleteMemcache(map_name.c_str(), 0); } - - deleteMemcache(map_name.c_str(), 0); - } - } extern "C" int MCEXT_EXPORTS xmltooling_extension_init(void*) { diff -Nru shibboleth-sp2-2.4.3+dfsg/memcache-store/memcache-store.rc shibboleth-sp2-2.5.2+dfsg/memcache-store/memcache-store.rc --- shibboleth-sp2-2.4.3+dfsg/memcache-store/memcache-store.rc 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/memcache-store/memcache-store.rc 2013-05-19 23:35:08.000000000 +0000 @@ -53,8 +53,8 @@ // VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,4,3,0 - PRODUCTVERSION 2,4,3,0 + FILEVERSION 2,5,2,0 + PRODUCTVERSION 2,5,2,0 FILEFLAGSMASK 0x17L #ifdef _DEBUG FILEFLAGS 0x1L @@ -69,14 +69,14 @@ BEGIN BLOCK "040904b0" BEGIN - VALUE "CompanyName", "UCAID\0" + VALUE "CompanyName", "Shibboleth Consortium\0" VALUE "FileDescription", "Shibboleth Memcache Storage Service Plugin\0" - VALUE "FileVersion", "2, 4, 3, 0\0" + VALUE "FileVersion", "2, 5, 2, 0\0" VALUE "InternalName", "memcache-store\0" - VALUE "LegalCopyright", "Copyright © 2011 UCAID\0" + VALUE "LegalCopyright", "Copyright © 2013 UCAID\0" VALUE "OriginalFilename", "memcache-store.so\0" - VALUE "ProductName", "Shibboleth 2.4.3\0" - VALUE "ProductVersion", "2, 4, 3, 0\0" + VALUE "ProductName", "Shibboleth 2.5.2\0" + VALUE "ProductVersion", "2, 5, 2, 0\0" END END BLOCK "VarFileInfo" diff -Nru shibboleth-sp2-2.4.3+dfsg/memcache-store/memcache-store.vcxproj shibboleth-sp2-2.5.2+dfsg/memcache-store/memcache-store.vcxproj --- shibboleth-sp2-2.4.3+dfsg/memcache-store/memcache-store.vcxproj 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/memcache-store/memcache-store.vcxproj 2013-05-23 16:57:05.000000000 +0000 @@ -58,16 +58,15 @@ + + + <_ProjectFileVersion>10.0.30319.1 - $(SolutionDir)$(Configuration)\ - $(Configuration)\ true $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\ true - $(SolutionDir)$(Configuration)\ - $(Configuration)\ false $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\ @@ -92,7 +91,7 @@ Disabled - .;..;..\..\cpp-xmltooling;..\..\..\cvs\libmemcached;%(AdditionalIncludeDirectories) + .;..;..\..\cpp-xmltooling;$(BuildRoot)\libmemcached;%(AdditionalIncludeDirectories) WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions) MultiThreadedDebugDLL true @@ -104,7 +103,7 @@ log4shib1D.lib;xerces-c_3D.lib;xmltooling1D.lib;memcached.lib;%(AdditionalDependencies) - ..\..\cpp-xmltooling\$(Configuration);..\..\..\cvs\libmemcached\visualc\$(Configuration);%(AdditionalLibraryDirectories) + ..\..\cpp-xmltooling\$(Configuration);$(BuildRoot)\libmemcached\visualc\$(Configuration);%(AdditionalLibraryDirectories) true Windows @@ -117,7 +116,7 @@ Disabled - ..\..\cpp-xmltooling;..\..\..\cvs\libmemcached\visualc\toolset;%(AdditionalIncludeDirectories) + ..\..\cpp-xmltooling;..\..\..\libmemcached\visualc\toolset;%(AdditionalIncludeDirectories) WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions) MultiThreadedDebugDLL true @@ -138,13 +137,13 @@ - .;..;..\..\cpp-xmltooling;..\..\..\cvs\libmemcached;%(AdditionalIncludeDirectories) + .;..;..\..\cpp-xmltooling;$(BuildRoot)\libmemcached;%(AdditionalIncludeDirectories) WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions) Level3 log4shib1.lib;xerces-c_3.lib;xmltooling1.lib;memcached.lib;%(AdditionalDependencies) - ..\..\cpp-xmltooling\$(Configuration);..\..\..\cvs\libmemcached\visualc\$(Configuration);%(AdditionalLibraryDirectories) + ..\..\cpp-xmltooling\$(Configuration);$(BuildRoot)\libmemcached\visualc\$(Configuration);%(AdditionalLibraryDirectories) Windows true true @@ -158,7 +157,7 @@ X64 - ..\..\cpp-xmltooling;..\..\..\cvs\libmemcached\visualc\toolset;%(AdditionalIncludeDirectories) + ..\..\cpp-xmltooling;..\..\..\libmemcached\visualc\toolset;%(AdditionalIncludeDirectories) WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions) Level3 @@ -194,4 +193,4 @@ - \ No newline at end of file + diff -Nru shibboleth-sp2-2.4.3+dfsg/nsapi_shib/Makefile.am shibboleth-sp2-2.5.2+dfsg/nsapi_shib/Makefile.am --- shibboleth-sp2-2.4.3+dfsg/nsapi_shib/Makefile.am 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/nsapi_shib/Makefile.am 2012-07-23 20:08:22.000000000 +0000 @@ -1,7 +1,7 @@ AUTOMAKE_OPTIONS = foreign if BUILD_NSAPI -nsapi_shibdir = $(libdir)/@PACKAGE@ +nsapi_shibdir = $(libdir)/@PACKAGE_NAME@ nsapi_shib_LTLIBRARIES = nsapi_shib.la nsapi_shib_la_SOURCES = nsapi_shib.cpp nsapi_shib_la_CXXFLAGS = $(NSAPI_INCLUDE) @@ -9,7 +9,7 @@ nsapi_shib_la_LIBADD = $(LITE_LIBS) \ $(top_builddir)/shibsp/libshibsp-lite.la -install-exec-hook: +install-data-hook: for la in $(nsapi_shib_LTLIBRARIES) ; do rm -f $(DESTDIR)$(nsapi_shibdir)/$$la ; done endif diff -Nru shibboleth-sp2-2.4.3+dfsg/nsapi_shib/Makefile.in shibboleth-sp2-2.5.2+dfsg/nsapi_shib/Makefile.in --- shibboleth-sp2-2.4.3+dfsg/nsapi_shib/Makefile.in 2011-06-28 01:29:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/nsapi_shib/Makefile.in 2013-06-16 22:06:20.000000000 +0000 @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. +# Makefile.in generated by automake 1.12.6 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,6 +15,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -35,13 +51,15 @@ build_triplet = @build@ host_triplet = @host@ subdir = nsapi_shib -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ - $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/doxygen.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/boost.m4 \ + $(top_srcdir)/m4/doxygen.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -70,6 +88,12 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } am__installdirs = "$(DESTDIR)$(nsapi_shibdir)" LTLIBRARIES = $(nsapi_shib_LTLIBRARIES) am__DEPENDENCIES_1 = @@ -98,6 +122,11 @@ $(LDFLAGS) -o $@ SOURCES = $(nsapi_shib_la_SOURCES) DIST_SOURCES = $(am__nsapi_shib_la_SOURCES_DIST) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -112,6 +141,9 @@ APXS22 = @APXS22@ APXS22_CFLAGS = @APXS22_CFLAGS@ APXS22_INCLUDE = @APXS22_INCLUDE@ +APXS24 = @APXS24@ +APXS24_CFLAGS = @APXS24_CFLAGS@ +APXS24_INCLUDE = @APXS24_INCLUDE@ APXS2_CFLAGS = @APXS2_CFLAGS@ APXS2_INCLUDE = @APXS2_INCLUDE@ APXS_CFLAGS = @APXS_CFLAGS@ @@ -121,6 +153,8 @@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BOOST_CPPFLAGS = @BOOST_CPPFLAGS@ +BOOST_ROOT = @BOOST_ROOT@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ @@ -133,6 +167,7 @@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DISTCHECK_CONFIGURE_FLAGS = @DISTCHECK_CONFIGURE_FLAGS@ DLLTOOL = @DLLTOOL@ DOXYGEN_PAPER_SIZE = @DOXYGEN_PAPER_SIZE@ DSYMUTIL = @DSYMUTIL@ @@ -280,7 +315,7 @@ top_srcdir = @top_srcdir@ xs = @xs@ AUTOMAKE_OPTIONS = foreign -@BUILD_NSAPI_TRUE@nsapi_shibdir = $(libdir)/@PACKAGE@ +@BUILD_NSAPI_TRUE@nsapi_shibdir = $(libdir)/@PACKAGE_NAME@ @BUILD_NSAPI_TRUE@nsapi_shib_LTLIBRARIES = nsapi_shib.la @BUILD_NSAPI_TRUE@nsapi_shib_la_SOURCES = nsapi_shib.cpp @BUILD_NSAPI_TRUE@nsapi_shib_la_CXXFLAGS = $(NSAPI_INCLUDE) @@ -325,7 +360,6 @@ $(am__aclocal_m4_deps): install-nsapi_shibLTLIBRARIES: $(nsapi_shib_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(nsapi_shibdir)" || $(MKDIR_P) "$(DESTDIR)$(nsapi_shibdir)" @list='$(nsapi_shib_LTLIBRARIES)'; test -n "$(nsapi_shibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -333,6 +367,8 @@ else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(nsapi_shibdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(nsapi_shibdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(nsapi_shibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(nsapi_shibdir)"; \ } @@ -348,13 +384,15 @@ clean-nsapi_shibLTLIBRARIES: -test -z "$(nsapi_shib_LTLIBRARIES)" || rm -f $(nsapi_shib_LTLIBRARIES) - @list='$(nsapi_shib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -nsapi_shib.la: $(nsapi_shib_la_OBJECTS) $(nsapi_shib_la_DEPENDENCIES) + @list='$(nsapi_shib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +nsapi_shib.la: $(nsapi_shib_la_OBJECTS) $(nsapi_shib_la_DEPENDENCIES) $(EXTRA_nsapi_shib_la_DEPENDENCIES) $(nsapi_shib_la_LINK) $(am_nsapi_shib_la_rpath) $(nsapi_shib_la_OBJECTS) $(nsapi_shib_la_LIBADD) $(LIBS) mostlyclean-compile: @@ -448,6 +486,20 @@ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -498,10 +550,15 @@ installcheck: installcheck-am install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi mostlyclean-generic: clean-generic: @@ -513,7 +570,7 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@BUILD_NSAPI_FALSE@install-exec-hook: +@BUILD_NSAPI_FALSE@install-data-hook: clean: clean-am clean-am: clean-generic clean-libtool clean-nsapi_shibLTLIBRARIES \ @@ -538,14 +595,14 @@ info-am: install-data-am: install-nsapi_shibLTLIBRARIES - + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-dvi: install-dvi-am install-dvi-am: install-exec-am: - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook + install-html: install-html-am install-html-am: @@ -586,24 +643,25 @@ uninstall-am: uninstall-nsapi_shibLTLIBRARIES -.MAKE: install-am install-exec-am install-strip +.MAKE: install-am install-data-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-nsapi_shibLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-exec-hook \ - install-html install-html-am install-info install-info-am \ - install-man install-nsapi_shibLTLIBRARIES install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ + clean-libtool clean-nsapi_shibLTLIBRARIES cscopelist ctags \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-hook install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man \ + install-nsapi_shibLTLIBRARIES install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-nsapi_shibLTLIBRARIES -@BUILD_NSAPI_TRUE@install-exec-hook: +@BUILD_NSAPI_TRUE@install-data-hook: @BUILD_NSAPI_TRUE@ for la in $(nsapi_shib_LTLIBRARIES) ; do rm -f $(DESTDIR)$(nsapi_shibdir)/$$la ; done # Tell versions [3.59,3.63) of GNU make to not export all variables. diff -Nru shibboleth-sp2-2.4.3+dfsg/nsapi_shib/nsapi_shib.cpp shibboleth-sp2-2.5.2+dfsg/nsapi_shib/nsapi_shib.cpp --- shibboleth-sp2-2.4.3+dfsg/nsapi_shib/nsapi_shib.cpp 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/nsapi_shib/nsapi_shib.cpp 2012-07-23 20:08:22.000000000 +0000 @@ -47,8 +47,8 @@ #include #include #include -#include #include +#include #include #include #include @@ -73,6 +73,7 @@ using namespace shibsp; using namespace xmltooling; +using namespace boost; using namespace std; // macros to output text to client @@ -159,7 +160,7 @@ if (!g_Config->instantiate(pblock_findval("shib-config",pb), true)) throw runtime_error("unknown error"); } - catch (exception& ex) { + catch (std::exception& ex) { pblock_nvinsert("error",ex.what(),pb); g_Config->term(); g_Config=nullptr; @@ -190,9 +191,8 @@ unsigned int randkey=0,randkey2=0,randkey3=0,randkey4=0; if (rand_s(&randkey) == 0 && rand_s(&randkey2) == 0 && rand_s(&randkey3) == 0 && rand_s(&randkey4) == 0) { _set_invalid_parameter_handler(old); - ostringstream keystr; - keystr << randkey << randkey2 << randkey3 << randkey4; - g_spoofKey = keystr.str(); + g_spoofKey = lexical_cast(randkey) + lexical_cast(randkey2) + + lexical_cast(randkey3) + lexical_cast(randkey4); } else { _set_invalid_parameter_handler(old); @@ -448,8 +448,8 @@ HTTPResponse::sendRedirect(url); param_free(pblock_remove("content-type", m_rq->srvhdrs)); pblock_nninsert("content-length", 0, m_rq->srvhdrs); - pblock_nvinsert("expires", "01-Jan-1997 12:00:00 GMT", m_rq->srvhdrs); - pblock_nvinsert("cache-control", "private,no-store,no-cache", m_rq->srvhdrs); + pblock_nvinsert("expires", "Wed, 01 Jan 1997 12:00:00 GMT", m_rq->srvhdrs); + pblock_nvinsert("cache-control", "private,no-store,no-cache,max-age=0", m_rq->srvhdrs); pblock_nvinsert("location", url, m_rq->srvhdrs); pblock_nvinsert("connection","close",m_rq->srvhdrs); protocol_status(m_sn, m_rq, PROTOCOL_REDIRECT, nullptr); @@ -481,9 +481,9 @@ #define FUNC "shibboleth" extern "C" NSAPI_PUBLIC int nsapi_shib(pblock* pb, ::Session* sn, Request* rq) { - ostringstream threadid; - threadid << "[" << getpid() << "] nsapi_shib" << '\0'; - xmltooling::NDC ndc(threadid.str().c_str()); + string threadid("["); + threadid += lexical_cast(getpid()) + "] nsapi_shib"; + xmltooling::NDC ndc(threadid.c_str()); try { ShibTargetNSAPI stn(pb, sn, rq); @@ -510,7 +510,7 @@ // this user is ok. return REQ_PROCEED; } - catch (exception& e) { + catch (std::exception& e) { log_error(LOG_FAILURE,FUNC,sn,rq,const_cast(e.what())); return WriteClientError(sn, rq, FUNC, "Shibboleth module threw an exception, see web server log for error."); } @@ -527,9 +527,9 @@ #define FUNC "shib_handler" extern "C" NSAPI_PUBLIC int shib_handler(pblock* pb, ::Session* sn, Request* rq) { - ostringstream threadid; - threadid << "[" << getpid() << "] shib_handler" << '\0'; - xmltooling::NDC ndc(threadid.str().c_str()); + string threadid("["); + threadid += lexical_cast(getpid()) + "] shib_handler"; + xmltooling::NDC ndc(threadid.c_str()); try { ShibTargetNSAPI stn(pb, sn, rq); @@ -539,7 +539,7 @@ return WriteClientError(sn, rq, FUNC, "Shibboleth handler did not do anything."); } - catch (exception& e) { + catch (std::exception& e) { log_error(LOG_FAILURE,FUNC,sn,rq,const_cast(e.what())); return WriteClientError(sn, rq, FUNC, "Shibboleth handler threw an exception, see web server log for error."); } @@ -556,7 +556,7 @@ { public: SunRequestMapper(const xercesc::DOMElement* e); - ~SunRequestMapper() { delete m_mapper; delete m_stKey; delete m_propsKey; } + ~SunRequestMapper() {} Lockable* lock() { return m_mapper->lock(); } void unlock() { m_stKey->setData(nullptr); m_propsKey->setData(nullptr); m_mapper->unlock(); } Settings getSettings(const HTTPRequest& request) const; @@ -573,9 +573,8 @@ const xercesc::DOMElement* getElement() const; private: - RequestMapper* m_mapper; - ThreadKey* m_stKey; - ThreadKey* m_propsKey; + scoped_ptr m_mapper; + scoped_ptr m_stKey, m_propsKey; }; RequestMapper* SunRequestMapFactory(const xercesc::DOMElement* const & e) @@ -583,11 +582,11 @@ return new SunRequestMapper(e); } -SunRequestMapper::SunRequestMapper(const xercesc::DOMElement* e) : m_mapper(nullptr), m_stKey(nullptr), m_propsKey(nullptr) +SunRequestMapper::SunRequestMapper(const xercesc::DOMElement* e) + : m_mapper(SPConfig::getConfig().RequestMapperManager.newPlugin(XML_REQUEST_MAPPER,e)), + m_stKey(ThreadKey::create(nullptr)), + m_propsKey(ThreadKey::create(nullptr)) { - m_mapper = SPConfig::getConfig().RequestMapperManager.newPlugin(XML_REQUEST_MAPPER,e); - m_stKey=ThreadKey::create(nullptr); - m_propsKey=ThreadKey::create(nullptr); } RequestMapper::Settings SunRequestMapper::getSettings(const HTTPRequest& request) const @@ -641,8 +640,14 @@ if (stn && !ns && name) { // Override int properties. const char* param=pblock_findval(name,stn->m_pb); - if (param) - return pair(true,strtol(param,nullptr,10)); + if (param) { + try { + return pair(true,lexical_cast(param)); + } + catch (bad_lexical_cast&) { + return pair(false,0); + } + } } return s ? s->getUnsignedInt(name,ns) : pair(false,0); } diff -Nru shibboleth-sp2-2.4.3+dfsg/nsapi_shib/nsapi_shib.rc shibboleth-sp2-2.5.2+dfsg/nsapi_shib/nsapi_shib.rc --- shibboleth-sp2-2.4.3+dfsg/nsapi_shib/nsapi_shib.rc 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/nsapi_shib/nsapi_shib.rc 2013-05-19 23:35:08.000000000 +0000 @@ -28,8 +28,8 @@ // VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,4,3,0 - PRODUCTVERSION 2,4,3,0 + FILEVERSION 2,5,2,0 + PRODUCTVERSION 2,5,2,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -45,16 +45,16 @@ BLOCK "040904b0" BEGIN VALUE "Comments", "\0" - VALUE "CompanyName", "UCAID\0" + VALUE "CompanyName", "Shibboleth Consortium\0" VALUE "FileDescription", "Shibboleth NSAPI Extension\0" - VALUE "FileVersion", "2, 4, 3, 0\0" + VALUE "FileVersion", "2, 5, 2, 0\0" VALUE "InternalName", "nsapi_shib\0" - VALUE "LegalCopyright", "Copyright © 2011 UCAID\0" + VALUE "LegalCopyright", "Copyright © 2013 UCAID\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "nsapi_shib.dll\0" VALUE "PrivateBuild", "\0" - VALUE "ProductName", "Shibboleth 2.4.3\0" - VALUE "ProductVersion", "2, 4, 3, 0\0" + VALUE "ProductName", "Shibboleth 2.5.2\0" + VALUE "ProductVersion", "2, 5, 2, 0\0" VALUE "SpecialBuild", "\0" END END diff -Nru shibboleth-sp2-2.4.3+dfsg/nsapi_shib/nsapi_shib.vcxproj shibboleth-sp2-2.5.2+dfsg/nsapi_shib/nsapi_shib.vcxproj --- shibboleth-sp2-2.4.3+dfsg/nsapi_shib/nsapi_shib.vcxproj 2011-06-28 00:39:26.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/nsapi_shib/nsapi_shib.vcxproj 2013-05-23 16:57:05.000000000 +0000 @@ -1,4 +1,4 @@ - + @@ -60,16 +60,15 @@ + + + <_ProjectFileVersion>10.0.30319.1 - $(SolutionDir)$(Configuration)\ - $(Configuration)\ false $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\ false - $(SolutionDir)$(Configuration)\ - $(Configuration)\ true $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\ @@ -236,4 +235,4 @@ - \ No newline at end of file + diff -Nru shibboleth-sp2-2.4.3+dfsg/odbc-store/Makefile.am shibboleth-sp2-2.5.2+dfsg/odbc-store/Makefile.am --- shibboleth-sp2-2.4.3+dfsg/odbc-store/Makefile.am 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/odbc-store/Makefile.am 2012-07-23 20:08:29.000000000 +0000 @@ -1,6 +1,6 @@ AUTOMAKE_OPTIONS = foreign -plugindir = $(libdir)/@PACKAGE@ +plugindir = $(libdir)/@PACKAGE_NAME@ plugin_LTLIBRARIES = odbc-store.la AM_CFLAGS = $(ODBC_CFLAGS) @@ -13,7 +13,7 @@ odbc_store_la_LDFLAGS = -module -avoid-version -install-exec-hook: +install-data-hook: for la in $(plugin_LTLIBRARIES) ; do rm -f $(DESTDIR)$(plugindir)/$$la ; done EXTRA_DIST = odbc-store.vcxproj odbc-store.rc resource.h diff -Nru shibboleth-sp2-2.4.3+dfsg/odbc-store/Makefile.in shibboleth-sp2-2.5.2+dfsg/odbc-store/Makefile.in --- shibboleth-sp2-2.4.3+dfsg/odbc-store/Makefile.in 2011-06-28 01:29:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/odbc-store/Makefile.in 2013-06-16 22:06:20.000000000 +0000 @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. +# Makefile.in generated by automake 1.12.6 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,6 +15,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -35,13 +51,15 @@ build_triplet = @build@ host_triplet = @host@ subdir = odbc-store -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ - $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/doxygen.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/boost.m4 \ + $(top_srcdir)/m4/doxygen.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -70,6 +88,12 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(plugin_LTLIBRARIES) am__DEPENDENCIES_1 = @@ -95,6 +119,11 @@ $(LDFLAGS) -o $@ SOURCES = $(odbc_store_la_SOURCES) DIST_SOURCES = $(odbc_store_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -109,6 +138,9 @@ APXS22 = @APXS22@ APXS22_CFLAGS = @APXS22_CFLAGS@ APXS22_INCLUDE = @APXS22_INCLUDE@ +APXS24 = @APXS24@ +APXS24_CFLAGS = @APXS24_CFLAGS@ +APXS24_INCLUDE = @APXS24_INCLUDE@ APXS2_CFLAGS = @APXS2_CFLAGS@ APXS2_INCLUDE = @APXS2_INCLUDE@ APXS_CFLAGS = @APXS_CFLAGS@ @@ -118,6 +150,8 @@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BOOST_CPPFLAGS = @BOOST_CPPFLAGS@ +BOOST_ROOT = @BOOST_ROOT@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ @@ -130,6 +164,7 @@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DISTCHECK_CONFIGURE_FLAGS = @DISTCHECK_CONFIGURE_FLAGS@ DLLTOOL = @DLLTOOL@ DOXYGEN_PAPER_SIZE = @DOXYGEN_PAPER_SIZE@ DSYMUTIL = @DSYMUTIL@ @@ -277,7 +312,7 @@ top_srcdir = @top_srcdir@ xs = @xs@ AUTOMAKE_OPTIONS = foreign -plugindir = $(libdir)/@PACKAGE@ +plugindir = $(libdir)/@PACKAGE_NAME@ plugin_LTLIBRARIES = odbc-store.la AM_CFLAGS = $(ODBC_CFLAGS) AM_CXXFLAGS = $(ODBC_CFLAGS) @@ -323,7 +358,6 @@ $(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ @@ -331,6 +365,8 @@ else :; fi; \ done; \ test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } @@ -346,13 +382,15 @@ clean-pluginLTLIBRARIES: -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -odbc-store.la: $(odbc_store_la_OBJECTS) $(odbc_store_la_DEPENDENCIES) + @list='$(plugin_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +odbc-store.la: $(odbc_store_la_OBJECTS) $(odbc_store_la_DEPENDENCIES) $(EXTRA_odbc_store_la_DEPENDENCIES) $(odbc_store_la_LINK) -rpath $(plugindir) $(odbc_store_la_OBJECTS) $(odbc_store_la_LIBADD) $(LIBS) mostlyclean-compile: @@ -439,6 +477,20 @@ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -489,10 +541,15 @@ installcheck: installcheck-am install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi mostlyclean-generic: clean-generic: @@ -528,14 +585,14 @@ info-am: install-data-am: install-pluginLTLIBRARIES - + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-dvi: install-dvi-am install-dvi-am: install-exec-am: - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook + install-html: install-html-am install-html-am: @@ -576,25 +633,25 @@ uninstall-am: uninstall-pluginLTLIBRARIES -.MAKE: install-am install-exec-am install-strip +.MAKE: install-am install-data-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-exec-hook \ - install-html install-html-am install-info install-info-am \ - install-man install-pdf install-pdf-am \ - install-pluginLTLIBRARIES install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags uninstall uninstall-am \ - uninstall-pluginLTLIBRARIES + clean-libtool clean-pluginLTLIBRARIES cscopelist ctags \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-hook install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pluginLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-pluginLTLIBRARIES -install-exec-hook: +install-data-hook: for la in $(plugin_LTLIBRARIES) ; do rm -f $(DESTDIR)$(plugindir)/$$la ; done # Tell versions [3.59,3.63) of GNU make to not export all variables. diff -Nru shibboleth-sp2-2.4.3+dfsg/odbc-store/odbc-store.cpp shibboleth-sp2-2.5.2+dfsg/odbc-store/odbc-store.cpp --- shibboleth-sp2-2.4.3+dfsg/odbc-store/odbc-store.cpp 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/odbc-store/odbc-store.cpp 2012-12-04 04:49:51.000000000 +0000 @@ -41,7 +41,6 @@ # define ODBCSTORE_EXPORTS #endif -#include #include #include #include @@ -49,17 +48,22 @@ #include #include #include +#include #include #include +#include +#include + using namespace xmltooling::logging; using namespace xmltooling; using namespace xercesc; +using namespace boost; using namespace std; #define PLUGIN_VER_MAJOR 1 -#define PLUGIN_VER_MINOR 0 +#define PLUGIN_VER_MINOR 1 #define LONGDATA_BUFLEN 16384 @@ -80,7 +84,7 @@ context varchar(255) not null, id varchar(255) not null, expires datetime not null, - version smallint not null, + version int not null, value varchar(255) not null, PRIMARY KEY (context, id) ) @@ -89,7 +93,7 @@ context varchar(255) not null, id varchar(255) not null, expires datetime not null, - version smallint not null, + version int not null, value text not null, PRIMARY KEY (context, id) ) @@ -100,18 +104,23 @@ static const XMLCh isolationLevel[] = UNICODE_LITERAL_14(i,s,o,l,a,t,i,o,n,L,e,v,e,l); static const XMLCh ConnectionString[] = UNICODE_LITERAL_16(C,o,n,n,e,c,t,i,o,n,S,t,r,i,n,g); static const XMLCh RetryOnError[] = UNICODE_LITERAL_12(R,e,t,r,y,O,n,E,r,r,o,r); + static const XMLCh contextSize[] = UNICODE_LITERAL_11(c,o,n,t,e,x,t,S,i,z,e); + static const XMLCh keySize[] = UNICODE_LITERAL_7(k,e,y,S,i,z,e); + static const XMLCh stringSize[] = UNICODE_LITERAL_10(s,t,r,i,n,g,S,i,z,e); // RAII for ODBC handles struct ODBCConn { ODBCConn(SQLHDBC conn) : handle(conn), autoCommit(true) {} ~ODBCConn() { - SQLRETURN sr = SQL_SUCCESS; - if (!autoCommit) - sr = SQLSetConnectAttr(handle, SQL_ATTR_AUTOCOMMIT, (SQLPOINTER)SQL_AUTOCOMMIT_ON, 0); - SQLDisconnect(handle); - SQLFreeHandle(SQL_HANDLE_DBC,handle); - if (!SQL_SUCCEEDED(sr)) - throw IOException("Failed to commit connection and return to auto-commit mode."); + if (handle != SQL_NULL_HDBC) { + SQLRETURN sr = SQL_SUCCESS; + if (!autoCommit) + sr = SQLSetConnectAttr(handle, SQL_ATTR_AUTOCOMMIT, (SQLPOINTER)SQL_AUTOCOMMIT_ON, 0); + SQLDisconnect(handle); + SQLFreeHandle(SQL_HANDLE_DBC, handle); + if (!SQL_SUCCEEDED(sr)) + throw IOException("Failed to commit connection and return to auto-commit mode."); + } } operator SQLHDBC() {return handle;} SQLHDBC handle; @@ -124,11 +133,15 @@ ODBCStorageService(const DOMElement* e); virtual ~ODBCStorageService(); + const Capabilities& getCapabilities() const { + return m_caps; + } + bool createString(const char* context, const char* key, const char* value, time_t expiration) { return createRow(STRING_TABLE, context, key, value, expiration); } int readString(const char* context, const char* key, string* pvalue=nullptr, time_t* pexpiration=nullptr, int version=0) { - return readRow(STRING_TABLE, context, key, pvalue, pexpiration, version, false); + return readRow(STRING_TABLE, context, key, pvalue, pexpiration, version); } int updateString(const char* context, const char* key, const char* value=nullptr, time_t expiration=0, int version=0) { return updateRow(STRING_TABLE, context, key, value, expiration, version); @@ -141,7 +154,7 @@ return createRow(TEXT_TABLE, context, key, value, expiration); } int readText(const char* context, const char* key, string* pvalue=nullptr, time_t* pexpiration=nullptr, int version=0) { - return readRow(TEXT_TABLE, context, key, pvalue, pexpiration, version, true); + return readRow(TEXT_TABLE, context, key, pvalue, pexpiration, version); } int updateText(const char* context, const char* key, const char* value=nullptr, time_t expiration=0, int version=0) { return updateRow(TEXT_TABLE, context, key, value, expiration, version); @@ -168,7 +181,7 @@ private: bool createRow(const char *table, const char* context, const char* key, const char* value, time_t expiration); - int readRow(const char *table, const char* context, const char* key, string* pvalue, time_t* pexpiration, int version, bool text); + int readRow(const char *table, const char* context, const char* key, string* pvalue, time_t* pexpiration, int version); int updateRow(const char *table, const char* context, const char* key, const char* value, time_t expiration, int version); bool deleteRow(const char *table, const char* context, const char* key); @@ -178,21 +191,23 @@ SQLHDBC getHDBC(); SQLHSTMT getHSTMT(SQLHDBC); - pair getVersion(SQLHDBC); + pair getVersion(SQLHDBC); pair log_error(SQLHANDLE handle, SQLSMALLINT htype, const char* checkfor=nullptr); static void* cleanup_fn(void*); void cleanup(); Category& m_log; + Capabilities m_caps; int m_cleanupInterval; - CondWait* shutdown_wait; + scoped_ptr shutdown_wait; Thread* cleanup_thread; bool shutdown; SQLHENV m_henv; string m_connstring; long m_isolation; + bool m_wideVersion; vector m_retries; }; @@ -233,62 +248,48 @@ strftime(ret,32,"{ts '%Y-%m-%d %H:%M:%S'}",ptime); } - // make a string safe for SQL command - // result to be free'd only if it isn't the input - static char *makeSafeSQL(const char *src) - { - int ns = 0; - int nc = 0; - char *s; - - // see if any conversion needed - for (s=(char*)src; *s; nc++,s++) if (*s=='\'') ns++; - if (ns==0) return ((char*)src); - - char *safe = new char[(nc+2*ns+1)]; - for (s=safe; *src; src++) { - if (*src=='\'') *s++ = '\''; - *s++ = (char)*src; - } - *s = '\0'; - return (safe); - } + class SQLString { + const char* m_src; + string m_copy; + public: + SQLString(const char* src) : m_src(src) { + if (strchr(src, '\'')) { + m_copy = src; + replace_all(m_copy, "'", "''"); + } + } - void freeSafeSQL(char *safe, const char *src) - { - if (safe!=src) - delete[](safe); - } + operator const char*() const { + return tostr(); + } + + const char* tostr() const { + return m_copy.empty() ? m_src : m_copy.c_str(); + } + }; }; ODBCStorageService::ODBCStorageService(const DOMElement* e) : m_log(Category::getInstance("XMLTooling.StorageService")), - m_cleanupInterval(900), shutdown_wait(nullptr), cleanup_thread(nullptr), shutdown(false), m_henv(SQL_NULL_HANDLE), m_isolation(SQL_TXN_SERIALIZABLE) + m_caps(XMLHelper::getAttrInt(e, 255, contextSize), XMLHelper::getAttrInt(e, 255, keySize), XMLHelper::getAttrInt(e, 255, stringSize)), + m_cleanupInterval(XMLHelper::getAttrInt(e, 900, cleanupInterval)), + cleanup_thread(nullptr), shutdown(false), m_henv(SQL_NULL_HENV), m_isolation(SQL_TXN_SERIALIZABLE), m_wideVersion(false) { #ifdef _DEBUG xmltooling::NDC ndc("ODBCStorageService"); #endif + string iso(XMLHelper::getAttrString(e, "SERIALIZABLE", isolationLevel)); + if (iso == "SERIALIZABLE") + m_isolation = SQL_TXN_SERIALIZABLE; + else if (iso == "REPEATABLE_READ") + m_isolation = SQL_TXN_REPEATABLE_READ; + else if (iso == "READ_COMMITTED") + m_isolation = SQL_TXN_READ_COMMITTED; + else if (iso == "READ_UNCOMMITTED") + m_isolation = SQL_TXN_READ_UNCOMMITTED; + else + throw XMLToolingException("Unknown transaction isolationLevel property."); - const XMLCh* tag=e ? e->getAttributeNS(nullptr,cleanupInterval) : nullptr; - if (tag && *tag) - m_cleanupInterval = XMLString::parseInt(tag); - if (!m_cleanupInterval) - m_cleanupInterval = 900; - - auto_ptr_char iso(e ? e->getAttributeNS(nullptr,isolationLevel) : nullptr); - if (iso.get() && *iso.get()) { - if (!strcmp(iso.get(),"SERIALIZABLE")) - m_isolation = SQL_TXN_SERIALIZABLE; - else if (!strcmp(iso.get(),"REPEATABLE_READ")) - m_isolation = SQL_TXN_REPEATABLE_READ; - else if (!strcmp(iso.get(),"READ_COMMITTED")) - m_isolation = SQL_TXN_READ_COMMITTED; - else if (!strcmp(iso.get(),"READ_UNCOMMITTED")) - m_isolation = SQL_TXN_READ_UNCOMMITTED; - else - throw XMLToolingException("Unknown transaction isolationLevel property."); - } - - if (m_henv == SQL_NULL_HANDLE) { + if (m_henv == SQL_NULL_HENV) { // Enable connection pooling. SQLSetEnvAttr(SQL_NULL_HANDLE, SQL_ATTR_CONNECTION_POOLING, (void*)SQL_CP_ONE_PER_HENV, 0); @@ -303,17 +304,17 @@ } // Grab connection string from the configuration. - e = e ? XMLHelper::getFirstChildElement(e,ConnectionString) : nullptr; - if (!e || !e->hasChildNodes()) { + e = e ? XMLHelper::getFirstChildElement(e, ConnectionString) : nullptr; + auto_ptr_char arg(e ? e->getTextContent() : nullptr); + if (!arg.get() || !*arg.get()) { SQLFreeHandle(SQL_HANDLE_ENV, m_henv); throw XMLToolingException("ODBC StorageService requires ConnectionString element in configuration."); } - auto_ptr_char arg(e->getFirstChild()->getNodeValue()); - m_connstring=arg.get(); + m_connstring = arg.get(); // Connect and check version. ODBCConn conn(getHDBC()); - pair v=getVersion(conn); + pair v = getVersion(conn); // Make sure we've got the right version. if (v.first != PLUGIN_VER_MAJOR) { @@ -321,19 +322,24 @@ m_log.crit("unknown database version: %d.%d", v.first, v.second); throw XMLToolingException("Unknown database version for ODBC StorageService."); } + + if (v.first > 1 || v.second > 0) { + m_log.info("using 32-bit int type for version fields in tables"); + m_wideVersion = true; + } // Load any retry errors to check. - e = XMLHelper::getNextSiblingElement(e,RetryOnError); + e = XMLHelper::getNextSiblingElement(e, RetryOnError); while (e) { if (e->hasChildNodes()) { - m_retries.push_back(XMLString::parseInt(e->getFirstChild()->getNodeValue())); + m_retries.push_back(XMLString::parseInt(e->getTextContent())); m_log.info("will retry operations when native ODBC error (%ld) is returned", m_retries.back()); } - e = XMLHelper::getNextSiblingElement(e,RetryOnError); + e = XMLHelper::getNextSiblingElement(e, RetryOnError); } // Initialize the cleanup thread - shutdown_wait = CondWait::create(); + shutdown_wait.reset(CondWait::create()); cleanup_thread = Thread::create(&cleanup_fn, (void*)this); } @@ -342,7 +348,6 @@ shutdown = true; shutdown_wait->signal(); cleanup_thread->join(nullptr); - delete shutdown_wait; if (m_henv != SQL_NULL_HANDLE) SQLFreeHandle(SQL_HANDLE_ENV, m_henv); } @@ -377,33 +382,37 @@ #endif // Get a handle. - SQLHDBC handle; - SQLRETURN sr=SQLAllocHandle(SQL_HANDLE_DBC, m_henv, &handle); - if (!SQL_SUCCEEDED(sr)) { + SQLHDBC handle = SQL_NULL_HDBC; + SQLRETURN sr = SQLAllocHandle(SQL_HANDLE_DBC, m_henv, &handle); + if (!SQL_SUCCEEDED(sr) || handle == SQL_NULL_HDBC) { m_log.error("failed to allocate connection handle"); log_error(m_henv, SQL_HANDLE_ENV); throw IOException("ODBC StorageService failed to allocate a connection handle."); } - sr=SQLDriverConnect(handle,nullptr,(SQLCHAR*)m_connstring.c_str(),m_connstring.length(),nullptr,0,nullptr,SQL_DRIVER_NOPROMPT); + sr = SQLDriverConnect(handle,nullptr,(SQLCHAR*)m_connstring.c_str(),m_connstring.length(),nullptr,0,nullptr,SQL_DRIVER_NOPROMPT); if (!SQL_SUCCEEDED(sr)) { m_log.error("failed to connect to database"); log_error(handle, SQL_HANDLE_DBC); + SQLFreeHandle(SQL_HANDLE_DBC, handle); throw IOException("ODBC StorageService failed to connect to database."); } sr = SQLSetConnectAttr(handle, SQL_ATTR_TXN_ISOLATION, (SQLPOINTER)m_isolation, 0); - if (!SQL_SUCCEEDED(sr)) + if (!SQL_SUCCEEDED(sr)) { + SQLDisconnect(handle); + SQLFreeHandle(SQL_HANDLE_DBC, handle); throw IOException("ODBC StorageService failed to set transaction isolation level."); + } return handle; } SQLHSTMT ODBCStorageService::getHSTMT(SQLHDBC conn) { - SQLHSTMT hstmt; - SQLRETURN sr=SQLAllocHandle(SQL_HANDLE_STMT,conn,&hstmt); - if (!SQL_SUCCEEDED(sr)) { + SQLHSTMT hstmt = SQL_NULL_HSTMT; + SQLRETURN sr = SQLAllocHandle(SQL_HANDLE_STMT, conn, &hstmt); + if (!SQL_SUCCEEDED(sr) || hstmt == SQL_NULL_HSTMT) { m_log.error("failed to allocate statement handle"); log_error(conn, SQL_HANDLE_DBC); throw IOException("ODBC StorageService failed to allocate a statement handle."); @@ -411,12 +420,12 @@ return hstmt; } -pair ODBCStorageService::getVersion(SQLHDBC conn) +pair ODBCStorageService::getVersion(SQLHDBC conn) { // Grab the version number from the database. SQLHSTMT stmt = getHSTMT(conn); - SQLRETURN sr=SQLExecDirect(stmt, (SQLCHAR*)"SELECT major,minor FROM version", SQL_NTS); + SQLRETURN sr = SQLExecDirect(stmt, (SQLCHAR*)"SELECT major,minor FROM version", SQL_NTS); if (!SQL_SUCCEEDED(sr)) { m_log.error("failed to read version from database"); log_error(stmt, SQL_HANDLE_STMT); @@ -425,11 +434,11 @@ SQLINTEGER major; SQLINTEGER minor; - SQLBindCol(stmt,1,SQL_C_SLONG,&major,0,nullptr); - SQLBindCol(stmt,2,SQL_C_SLONG,&minor,0,nullptr); + SQLBindCol(stmt, 1, SQL_C_SLONG, &major, 0, nullptr); + SQLBindCol(stmt, 2, SQL_C_SLONG, &minor, 0, nullptr); - if ((sr=SQLFetch(stmt)) != SQL_NO_DATA) - return pair(major,minor); + if ((sr = SQLFetch(stmt)) != SQL_NO_DATA) + return make_pair(major,minor); m_log.error("no rows returned in version query"); throw IOException("ODBC StorageService failed to read version from database."); @@ -448,10 +457,6 @@ ODBCConn conn(getHDBC()); SQLHSTMT stmt = getHSTMT(conn); - // Prepare and exectute insert statement. - //char *scontext = makeSafeSQL(context); - //char *skey = makeSafeSQL(key); - //char *svalue = makeSafeSQL(value); string q = string("INSERT INTO ") + table + " VALUES (?,?," + timebuf + ",1,?)"; SQLRETURN sr = SQLPrepare(stmt, (SQLCHAR*)q.c_str(), SQL_NTS); @@ -490,17 +495,12 @@ } m_log.debug("SQLBindParam succeeded (value = %s)", value); - //freeSafeSQL(scontext, context); - //freeSafeSQL(skey, key); - //freeSafeSQL(svalue, value); - //m_log.debug("SQL: %s", q.c_str()); - int attempts = 3; pair logres; do { logres = make_pair(false,false); attempts--; - sr=SQLExecute(stmt); + sr = SQLExecute(stmt); if (SQL_SUCCEEDED(sr)) { m_log.debug("SQLExecute of insert succeeded"); return true; @@ -514,9 +514,7 @@ throw IOException("ODBC StorageService failed to insert record."); } -int ODBCStorageService::readRow( - const char *table, const char* context, const char* key, string* pvalue, time_t* pexpiration, int version, bool text - ) +int ODBCStorageService::readRow(const char *table, const char* context, const char* key, string* pvalue, time_t* pexpiration, int version) { #ifdef _DEBUG xmltooling::NDC ndc("readRow"); @@ -529,21 +527,20 @@ // Prepare and exectute select statement. char timebuf[32]; timestampFromTime(time(nullptr), timebuf); - char *scontext = makeSafeSQL(context); - char *skey = makeSafeSQL(key); - ostringstream q; - q << "SELECT version"; + SQLString scontext(context); + SQLString skey(key); + string q("SELECT version"); if (pexpiration) - q << ",expires"; - if (pvalue) - q << ",CASE version WHEN " << version << " THEN null ELSE value END"; - q << " FROM " << table << " WHERE context='" << scontext << "' AND id='" << skey << "' AND expires > " << timebuf; - freeSafeSQL(scontext, context); - freeSafeSQL(skey, key); + q += ",expires"; + if (pvalue) { + pvalue->erase(); + q = q + ",CASE version WHEN " + lexical_cast(version) + " THEN null ELSE value END"; + } + q = q + " FROM " + table + " WHERE context='" + scontext.tostr() + "' AND id='" + skey.tostr() + "' AND expires > " + timebuf; if (m_log.isDebugEnabled()) - m_log.debug("SQL: %s", q.str().c_str()); + m_log.debug("SQL: %s", q.c_str()); - SQLRETURN sr=SQLExecDirect(stmt, (SQLCHAR*)q.str().c_str(), SQL_NTS); + SQLRETURN sr=SQLExecDirect(stmt, (SQLCHAR*)q.c_str(), SQL_NTS); if (!SQL_SUCCEEDED(sr)) { m_log.error("error searching for (t=%s, c=%s, k=%s)", table, context, key); log_error(stmt, SQL_HANDLE_STMT); @@ -551,25 +548,35 @@ } SQLSMALLINT ver; + SQLINTEGER widever; SQL_TIMESTAMP_STRUCT expiration; - SQLBindCol(stmt,1,SQL_C_SSHORT,&ver,0,nullptr); + if (m_wideVersion) + SQLBindCol(stmt, 1, SQL_C_SLONG, &widever, 0, nullptr); + else + SQLBindCol(stmt, 1, SQL_C_SSHORT, &ver, 0, nullptr); if (pexpiration) - SQLBindCol(stmt,2,SQL_C_TYPE_TIMESTAMP,&expiration,0,nullptr); + SQLBindCol(stmt, 2, SQL_C_TYPE_TIMESTAMP, &expiration, 0, nullptr); - if ((sr=SQLFetch(stmt)) == SQL_NO_DATA) + if ((sr = SQLFetch(stmt)) == SQL_NO_DATA) { + if (m_log.isDebugEnabled()) + m_log.debug("search returned no data (t=%s, c=%s, k=%s)", table, context, key); return 0; + } if (pexpiration) *pexpiration = timeFromTimestamp(expiration); - if (version == ver) + if (version == (m_wideVersion ? widever : ver)) { + if (m_log.isDebugEnabled()) + m_log.debug("versioned search detected no change (t=%s, c=%s, k=%s)", table, context, key); return version; // nothing's changed, so just echo back the version + } if (pvalue) { SQLLEN len; SQLCHAR buf[LONGDATA_BUFLEN]; - while ((sr=SQLGetData(stmt,pexpiration ? 3 : 2,SQL_C_CHAR,buf,sizeof(buf),&len)) != SQL_NO_DATA) { + while ((sr = SQLGetData(stmt, (pexpiration ? 3 : 2), SQL_C_CHAR, buf, sizeof(buf), &len)) != SQL_NO_DATA) { if (!SQL_SUCCEEDED(sr)) { m_log.error("error while reading text field from result set"); log_error(stmt, SQL_HANDLE_STMT); @@ -579,7 +586,7 @@ } } - return ver; + return (m_wideVersion ? widever : ver); } int ODBCStorageService::updateRow(const char *table, const char* context, const char* key, const char* value, time_t expiration, int version) @@ -602,36 +609,38 @@ // First, fetch the current version for later, which also ensures the record still exists. char timebuf[32]; timestampFromTime(time(nullptr), timebuf); - char *scontext = makeSafeSQL(context); - char *skey = makeSafeSQL(key); + SQLString scontext(context); + SQLString skey(key); string q("SELECT version FROM "); - q = q + table + " WHERE context='" + scontext + "' AND id='" + skey + "' AND expires > " + timebuf; + q = q + table + " WHERE context='" + scontext.tostr() + "' AND id='" + skey.tostr() + "' AND expires > " + timebuf; m_log.debug("SQL: %s", q.c_str()); - sr=SQLExecDirect(stmt, (SQLCHAR*)q.c_str(), SQL_NTS); + sr = SQLExecDirect(stmt, (SQLCHAR*)q.c_str(), SQL_NTS); if (!SQL_SUCCEEDED(sr)) { - freeSafeSQL(scontext, context); - freeSafeSQL(skey, key); m_log.error("error searching for (t=%s, c=%s, k=%s)", table, context, key); log_error(stmt, SQL_HANDLE_STMT); throw IOException("ODBC StorageService search failed."); } SQLSMALLINT ver; - SQLBindCol(stmt,1,SQL_C_SSHORT,&ver,0,nullptr); - if ((sr=SQLFetch(stmt)) == SQL_NO_DATA) { - freeSafeSQL(scontext, context); - freeSafeSQL(skey, key); + SQLINTEGER widever; + if (m_wideVersion) + SQLBindCol(stmt, 1, SQL_C_SLONG, &widever, 0, nullptr); + else + SQLBindCol(stmt, 1, SQL_C_SSHORT, &ver, 0, nullptr); + if ((sr = SQLFetch(stmt)) == SQL_NO_DATA) { return 0; } // Check version? - if (version > 0 && version != ver) { - freeSafeSQL(scontext, context); - freeSafeSQL(skey, key); + if (version > 0 && version != (m_wideVersion ? widever : ver)) { return -1; } + else if ((m_wideVersion && widever == INT_MAX) || (!m_wideVersion && ver == 32767)) { + m_log.error("record version overflow (t=%s, c=%s, k=%s)", table, context, key); + throw IOException("Version overflow, record in ODBC StorageService could not be updated."); + } SQLFreeHandle(SQL_HANDLE_STMT, stmt); stmt = getHSTMT(conn); @@ -649,9 +658,7 @@ q = q + "expires = " + timebuf; } - q = q + " WHERE context='" + scontext + "' AND id='" + skey + "'"; - freeSafeSQL(scontext, context); - freeSafeSQL(skey, key); + q = q + " WHERE context='" + scontext.tostr() + "' AND id='" + skey.tostr() + "'"; sr = SQLPrepare(stmt, (SQLCHAR*)q.c_str(), SQL_NTS); if (!SQL_SUCCEEDED(sr)) { @@ -668,11 +675,11 @@ else sr = SQLBindParam(stmt, 1, SQL_C_CHAR, SQL_VARCHAR, 255, 0, const_cast(value), &b_ind); if (!SQL_SUCCEEDED(sr)) { - m_log.error("SQLBindParam failed (context = %s)", context); + m_log.error("SQLBindParam failed (value = %s)", value); log_error(stmt, SQL_HANDLE_STMT); throw IOException("ODBC StorageService failed to update record."); } - m_log.debug("SQLBindParam succeeded (context = %s)", context); + m_log.debug("SQLBindParam succeeded (value = %s)", value); } int attempts = 3; @@ -680,15 +687,15 @@ do { logres = make_pair(false,false); attempts--; - sr=SQLExecute(stmt); - if (sr==SQL_NO_DATA) + sr = SQLExecute(stmt); + if (sr == SQL_NO_DATA) return 0; // went missing? else if (SQL_SUCCEEDED(sr)) { m_log.debug("SQLExecute of update succeeded"); - return ver + 1; + return (m_wideVersion ? widever : ver) + 1; } - m_log.error("update of record failed (t=%s, c=%s, k=%s", table, context, key); + m_log.error("update of record failed (t=%s, c=%s, k=%s)", table, context, key); logres = log_error(stmt, SQL_HANDLE_STMT); } while (attempts && logres.first); @@ -706,15 +713,13 @@ SQLHSTMT stmt = getHSTMT(conn); // Prepare and execute delete statement. - char *scontext = makeSafeSQL(context); - char *skey = makeSafeSQL(key); - string q = string("DELETE FROM ") + table + " WHERE context='" + scontext + "' AND id='" + skey + "'"; - freeSafeSQL(scontext, context); - freeSafeSQL(skey, key); + SQLString scontext(context); + SQLString skey(key); + string q = string("DELETE FROM ") + table + " WHERE context='" + scontext.tostr() + "' AND id='" + skey.tostr() + "'"; m_log.debug("SQL: %s", q.c_str()); - SQLRETURN sr=SQLExecDirect(stmt, (SQLCHAR*)q.c_str(), SQL_NTS); - if (sr==SQL_NO_DATA) + SQLRETURN sr = SQLExecDirect(stmt, (SQLCHAR*)q.c_str(), SQL_NTS); + if (sr == SQL_NO_DATA) return false; else if (!SQL_SUCCEEDED(sr)) { m_log.error("error deleting record (t=%s, c=%s, k=%s)", table, context, key); @@ -732,20 +737,20 @@ xmltooling::NDC ndc("cleanup"); #endif - Mutex* mutex = Mutex::create(); + scoped_ptr mutex(Mutex::create()); mutex->lock(); m_log.info("cleanup thread started... running every %d secs", m_cleanupInterval); while (!shutdown) { - shutdown_wait->timedwait(mutex, m_cleanupInterval); + shutdown_wait->timedwait(mutex.get(), m_cleanupInterval); if (shutdown) break; try { reap(nullptr); } - catch (exception& ex) { + catch (std::exception& ex) { m_log.error("cleanup thread swallowed exception: %s", ex.what()); } } @@ -753,7 +758,6 @@ m_log.info("cleanup thread exiting..."); mutex->unlock(); - delete mutex; Thread::exit(nullptr); } @@ -787,15 +791,13 @@ char nowbuf[32]; timestampFromTime(time(nullptr), nowbuf); - char *scontext = makeSafeSQL(context); - string q("UPDATE "); - q = q + table + " SET expires = " + timebuf + " WHERE context='" + scontext + "' AND expires > " + nowbuf; - freeSafeSQL(scontext, context); + SQLString scontext(context); + string q = string("UPDATE ") + table + " SET expires = " + timebuf + " WHERE context='" + scontext.tostr() + "' AND expires > " + nowbuf; m_log.debug("SQL: %s", q.c_str()); - SQLRETURN sr=SQLExecDirect(stmt, (SQLCHAR*)q.c_str(), SQL_NTS); - if ((sr!=SQL_NO_DATA) && !SQL_SUCCEEDED(sr)) { + SQLRETURN sr = SQLExecDirect(stmt, (SQLCHAR*)q.c_str(), SQL_NTS); + if ((sr != SQL_NO_DATA) && !SQL_SUCCEEDED(sr)) { m_log.error("error updating records (t=%s, c=%s)", table, context ? context : "all"); log_error(stmt, SQL_HANDLE_STMT); throw IOException("ODBC StorageService failed to update context expiration."); @@ -817,17 +819,16 @@ timestampFromTime(time(nullptr), nowbuf); string q; if (context) { - char *scontext = makeSafeSQL(context); - q = string("DELETE FROM ") + table + " WHERE context='" + scontext + "' AND expires <= " + nowbuf; - freeSafeSQL(scontext, context); + SQLString scontext(context); + q = string("DELETE FROM ") + table + " WHERE context='" + scontext.tostr() + "' AND expires <= " + nowbuf; } else { q = string("DELETE FROM ") + table + " WHERE expires <= " + nowbuf; } m_log.debug("SQL: %s", q.c_str()); - SQLRETURN sr=SQLExecDirect(stmt, (SQLCHAR*)q.c_str(), SQL_NTS); - if ((sr!=SQL_NO_DATA) && !SQL_SUCCEEDED(sr)) { + SQLRETURN sr = SQLExecDirect(stmt, (SQLCHAR*)q.c_str(), SQL_NTS); + if ((sr != SQL_NO_DATA) && !SQL_SUCCEEDED(sr)) { m_log.error("error expiring records (t=%s, c=%s)", table, context ? context : "all"); log_error(stmt, SQL_HANDLE_STMT); throw IOException("ODBC StorageService failed to purge expired records."); @@ -845,13 +846,12 @@ SQLHSTMT stmt = getHSTMT(conn); // Prepare and execute delete statement. - char *scontext = makeSafeSQL(context); - string q = string("DELETE FROM ") + table + " WHERE context='" + scontext + "'"; - freeSafeSQL(scontext, context); + SQLString scontext(context); + string q = string("DELETE FROM ") + table + " WHERE context='" + scontext.tostr() + "'"; m_log.debug("SQL: %s", q.c_str()); - SQLRETURN sr=SQLExecDirect(stmt, (SQLCHAR*)q.c_str(), SQL_NTS); - if ((sr!=SQL_NO_DATA) && !SQL_SUCCEEDED(sr)) { + SQLRETURN sr = SQLExecDirect(stmt, (SQLCHAR*)q.c_str(), SQL_NTS); + if ((sr != SQL_NO_DATA) && !SQL_SUCCEEDED(sr)) { m_log.error("error deleting context (t=%s, c=%s)", table, context); log_error(stmt, SQL_HANDLE_STMT); throw IOException("ODBC StorageService failed to delete context."); diff -Nru shibboleth-sp2-2.4.3+dfsg/odbc-store/odbc-store.rc shibboleth-sp2-2.5.2+dfsg/odbc-store/odbc-store.rc --- shibboleth-sp2-2.4.3+dfsg/odbc-store/odbc-store.rc 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/odbc-store/odbc-store.rc 2013-05-19 23:35:08.000000000 +0000 @@ -53,8 +53,8 @@ // VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,4,3,0 - PRODUCTVERSION 2,4,3,0 + FILEVERSION 2,5,2,0 + PRODUCTVERSION 2,5,2,0 FILEFLAGSMASK 0x17L #ifdef _DEBUG FILEFLAGS 0x1L @@ -69,14 +69,14 @@ BEGIN BLOCK "040904b0" BEGIN - VALUE "CompanyName", "UCAID\0" + VALUE "CompanyName", "Shibboleth Consortium\0" VALUE "FileDescription", "Shibboleth ODBC Storage Service Plugin\0" - VALUE "FileVersion", "2, 4, 3, 0\0" + VALUE "FileVersion", "2, 5, 2, 0\0" VALUE "InternalName", "odbc-store\0" - VALUE "LegalCopyright", "Copyright © 2011 UCAID\0" + VALUE "LegalCopyright", "Copyright © 2013 UCAID\0" VALUE "OriginalFilename", "odbc-store.so\0" - VALUE "ProductName", "Shibboleth 2.4.3\0" - VALUE "ProductVersion", "2, 4, 3, 0\0" + VALUE "ProductName", "Shibboleth 2.5.2\0" + VALUE "ProductVersion", "2, 5, 2, 0\0" END END BLOCK "VarFileInfo" diff -Nru shibboleth-sp2-2.4.3+dfsg/odbc-store/odbc-store.vcxproj shibboleth-sp2-2.5.2+dfsg/odbc-store/odbc-store.vcxproj --- shibboleth-sp2-2.4.3+dfsg/odbc-store/odbc-store.vcxproj 2011-06-28 00:39:28.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/odbc-store/odbc-store.vcxproj 2013-05-23 16:57:05.000000000 +0000 @@ -1,4 +1,4 @@ - + @@ -58,16 +58,15 @@ + + + <_ProjectFileVersion>10.0.30319.1 - $(SolutionDir)$(Configuration)\ - $(Configuration)\ true $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\ true - $(SolutionDir)$(Configuration)\ - $(Configuration)\ false $(SolutionDir)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\ @@ -188,4 +187,4 @@ - \ No newline at end of file + diff -Nru shibboleth-sp2-2.4.3+dfsg/plugins/CaseFoldingAttributeResolver.cpp shibboleth-sp2-2.5.2+dfsg/plugins/CaseFoldingAttributeResolver.cpp --- shibboleth-sp2-2.4.3+dfsg/plugins/CaseFoldingAttributeResolver.cpp 1970-01-01 00:00:00.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/plugins/CaseFoldingAttributeResolver.cpp 2012-07-23 20:08:22.000000000 +0000 @@ -0,0 +1,221 @@ +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. + * + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. + */ + +/** + * CaseFoldingAttributeResolver.cpp + * + * Attribute Resolver plugins for upcasing and downcasing. + */ + +#include "internal.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +using namespace shibsp; +using namespace xmltooling; +using namespace xercesc; +using namespace std; + +namespace shibsp { + + class SHIBSP_DLLLOCAL FoldingContext : public ResolutionContext + { + public: + FoldingContext(const vector* attributes) : m_inputAttributes(attributes) { + } + + ~FoldingContext() { + for_each(m_attributes.begin(), m_attributes.end(), xmltooling::cleanup()); + } + + const vector* getInputAttributes() const { + return m_inputAttributes; + } + vector& getResolvedAttributes() { + return m_attributes; + } + vector& getResolvedAssertions() { + return m_assertions; + } + + private: + const vector* m_inputAttributes; + vector m_attributes; + static vector m_assertions; // empty dummy + }; + + + class SHIBSP_DLLLOCAL CaseFoldingAttributeResolver : public AttributeResolver + { + public: + enum case_t { + _up, + _down + }; + + CaseFoldingAttributeResolver(const DOMElement* e, case_t direction); + virtual ~CaseFoldingAttributeResolver() {} + + Lockable* lock() { + return this; + } + void unlock() { + } + + ResolutionContext* createResolutionContext( + const Application& application, + const opensaml::saml2md::EntityDescriptor* issuer, + const XMLCh* protocol, + const opensaml::saml2::NameID* nameid=nullptr, + const XMLCh* authncontext_class=nullptr, + const XMLCh* authncontext_decl=nullptr, + const vector* tokens=nullptr, + const vector* attributes=nullptr + ) const { + // Make sure new method gets run. + return createResolutionContext(application, nullptr, issuer, protocol, nameid, authncontext_class, authncontext_decl, tokens, attributes); + } + + ResolutionContext* createResolutionContext( + const Application& application, + const GenericRequest* request, + const opensaml::saml2md::EntityDescriptor* issuer, + const XMLCh* protocol, + const opensaml::saml2::NameID* nameid=nullptr, + const XMLCh* authncontext_class=nullptr, + const XMLCh* authncontext_decl=nullptr, + const vector* tokens=nullptr, + const vector* attributes=nullptr + ) const { + return new FoldingContext(attributes); + } + + ResolutionContext* createResolutionContext(const Application& application, const Session& session) const { + return new FoldingContext(&session.getAttributes()); + } + + void resolveAttributes(ResolutionContext& ctx) const; + + void getAttributeIds(vector& attributes) const { + if (!m_dest.empty() && !m_dest.front().empty()) + attributes.push_back(m_dest.front()); + } + + private: + Category& m_log; + case_t m_direction; + string m_source; + vector m_dest; + }; + + static const XMLCh dest[] = UNICODE_LITERAL_4(d,e,s,t); + static const XMLCh source[] = UNICODE_LITERAL_6(s,o,u,r,c,e); + + AttributeResolver* SHIBSP_DLLLOCAL UpperCaseAttributeResolverFactory(const DOMElement* const & e) + { + return new CaseFoldingAttributeResolver(e, CaseFoldingAttributeResolver::_up); + } + + AttributeResolver* SHIBSP_DLLLOCAL LowerCaseAttributeResolverFactory(const DOMElement* const & e) + { + return new CaseFoldingAttributeResolver(e, CaseFoldingAttributeResolver::_down); + } +}; + +vector FoldingContext::m_assertions; + +CaseFoldingAttributeResolver::CaseFoldingAttributeResolver(const DOMElement* e, case_t direction) + : m_log(Category::getInstance(SHIBSP_LOGCAT".AttributeResolver.CaseFolding")), + m_direction(direction), + m_source(XMLHelper::getAttrString(e, nullptr, source)), + m_dest(1, XMLHelper::getAttrString(e, nullptr, dest)) +{ + if (m_source.empty()) + throw ConfigurationException("CaseFolding AttributeResolver requires source attribute."); +} + + +void CaseFoldingAttributeResolver::resolveAttributes(ResolutionContext& ctx) const +{ + FoldingContext& fctx = dynamic_cast(ctx); + if (!fctx.getInputAttributes()) + return; + + auto_ptr destwrapper; + + for (vector::const_iterator a = fctx.getInputAttributes()->begin(); a != fctx.getInputAttributes()->end(); ++a) { + if (m_source != (*a)->getId() || (*a)->valueCount() == 0) { + continue; + } + + SimpleAttribute* dest = nullptr; + if (m_dest.empty() || m_dest.front().empty()) { + // Can we transform in-place? + dest = dynamic_cast(*a); + if (!dest) { + m_log.warn("can't %scase non-simple attribute (%s) 'in place'", (m_direction==_up ? "up" : "down"), m_source.c_str()); + continue; + } + m_log.debug("applying in-place transform to source attribute (%s)", m_source.c_str()); + } + else if (!destwrapper.get()) { + // Create a destination attribute. + destwrapper.reset(new SimpleAttribute(m_dest)); + m_log.debug("applying transform from source attribute (%s) to dest attribute (%s)", m_source.c_str(), m_dest.front().c_str()); + } + + for (size_t i = 0; i < (*a)->valueCount(); ++i) { + try { + XMLCh* srcval = fromUTF8((*a)->getSerializedValues()[i].c_str()); + if (srcval) { + auto_arrayptr valjanitor(srcval); + (m_direction == _up) ? XMLString::upperCase(srcval) : XMLString::lowerCase(srcval); + auto_arrayptr narrow(toUTF8(srcval)); + if (dest) { + // Modify in place. + dest->getValues()[i] = narrow.get(); + } + else { + // Add to new object. + destwrapper->getValues().push_back(narrow.get()); + } + } + } + catch (XMLException& ex) { + auto_ptr_char msg(ex.getMessage()); + m_log.error("caught error performing conversion: %s", msg.get()); + } + } + } + + // Save off new object. + if (destwrapper.get()) { + ctx.getResolvedAttributes().push_back(destwrapper.get()); + destwrapper.release(); + } +} diff -Nru shibboleth-sp2-2.4.3+dfsg/plugins/GSSAPIAttributeExtractor.cpp shibboleth-sp2-2.5.2+dfsg/plugins/GSSAPIAttributeExtractor.cpp --- shibboleth-sp2-2.4.3+dfsg/plugins/GSSAPIAttributeExtractor.cpp 1970-01-01 00:00:00.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/plugins/GSSAPIAttributeExtractor.cpp 2012-07-23 20:08:22.000000000 +0000 @@ -0,0 +1,426 @@ +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. + * + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. + */ + +/** + * GSSAPIAttributeExtractor.cpp + * + * AttributeExtractor for a base64-encoded GSS-API context or name. + */ + +#include "internal.h" + +#ifdef HAVE_GSSAPI_NAMINGEXTS + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef SHIBSP_HAVE_GSSGNU +# include +#elif defined SHIBSP_HAVE_GSSMIT +# include +#else +# include +#endif + + +using namespace shibsp; +using namespace opensaml::saml2md; +using namespace opensaml; +using namespace xmltooling; +using namespace xercesc; +using namespace boost; +using namespace std; + +namespace shibsp { + +#if defined (_MSC_VER) + #pragma warning( push ) + #pragma warning( disable : 4250 ) +#endif + + class GSSAPIExtractorImpl + { + public: + GSSAPIExtractorImpl(const DOMElement* e, Category& log); + ~GSSAPIExtractorImpl() { + if (m_document) + m_document->release(); + } + + void setDocument(DOMDocument* doc) { + m_document = doc; + } + + void extractAttributes(gss_name_t initiatorName, vector& attributes) const; + void extractAttributes(gss_name_t initiatorName, gss_buffer_t namingAttribute, vector& attributes) const; + + void getAttributeIds(vector& attributes) const { + attributes.insert(attributes.end(), m_attributeIds.begin(), m_attributeIds.end()); + } + + private: + struct Rule { + Rule() : authenticated(true), binary(false), scopeDelimiter(0) {} + vector ids; + bool authenticated,binary; + char scopeDelimiter; + }; + + Category& m_log; + DOMDocument* m_document; + map m_attrMap; + vector m_attributeIds; + }; + + class GSSAPIExtractor : public AttributeExtractor, public ReloadableXMLFile + { + public: + GSSAPIExtractor(const DOMElement* e) + : ReloadableXMLFile(e, Category::getInstance(SHIBSP_LOGCAT".AttributeExtractor.GSSAPI")) { + background_load(); + } + ~GSSAPIExtractor() { + shutdown(); + } + + void extractAttributes( + const Application& application, + const RoleDescriptor* issuer, + const XMLObject& xmlObject, + vector& attributes + ) const; + + void getAttributeIds(std::vector& attributes) const { + if (m_impl) + m_impl->getAttributeIds(attributes); + } + + protected: + pair background_load(); + + private: + scoped_ptr m_impl; + }; + +#if defined (_MSC_VER) + #pragma warning( pop ) +#endif + + AttributeExtractor* GSSAPIExtractorFactory(const DOMElement* const & e) + { + return new GSSAPIExtractor(e); + } + + static const XMLCh _aliases[] = UNICODE_LITERAL_7(a,l,i,a,s,e,s); + static const XMLCh Attributes[] = UNICODE_LITERAL_10(A,t,t,r,i,b,u,t,e,s); + static const XMLCh _authenticated[] = UNICODE_LITERAL_13(a,u,t,h,e,n,t,i,c,a,t,e,d); + static const XMLCh _binary[] = UNICODE_LITERAL_6(b,i,n,a,r,y); + static const XMLCh GSSAPIAttribute[] = UNICODE_LITERAL_15(G,S,S,A,P,I,A,t,t,r,i,b,u,t,e); + static const XMLCh _id[] = UNICODE_LITERAL_2(i,d); + static const XMLCh _name[] = UNICODE_LITERAL_4(n,a,m,e); + static const XMLCh _scopeDelimiter[] = UNICODE_LITERAL_14(s,c,o,p,e,D,e,l,i,m,i,t,e,r); +}; + +GSSAPIExtractorImpl::GSSAPIExtractorImpl(const DOMElement* e, Category& log) + : m_log(log), m_document(nullptr) +{ +#ifdef _DEBUG + xmltooling::NDC ndc("GSSAPIExtractorImpl"); +#endif + + if (!XMLHelper::isNodeNamed(e, shibspconstants::SHIB2ATTRIBUTEMAP_NS, Attributes)) + throw ConfigurationException("GSSAPI AttributeExtractor requires am:Attributes at root of configuration."); + + DOMElement* child = XMLHelper::getFirstChildElement(e, shibspconstants::SHIB2ATTRIBUTEMAP_NS, GSSAPIAttribute); + while (child) { + // Check for missing name or id. + const XMLCh* name = child->getAttributeNS(nullptr, _name); + if (!name || !*name) { + m_log.warn("skipping GSSAPIAttribute with no name"); + child = XMLHelper::getNextSiblingElement(child, shibspconstants::SHIB2ATTRIBUTEMAP_NS, GSSAPIAttribute); + continue; + } + + auto_ptr_char id(child->getAttributeNS(nullptr, _id)); + if (!id.get() || !*id.get()) { + m_log.warn("skipping GSSAPIAttribute with no id"); + child = XMLHelper::getNextSiblingElement(child, shibspconstants::SHIB2ATTRIBUTEMAP_NS, GSSAPIAttribute); + continue; + } + else if (!strcmp(id.get(), "REMOTE_USER")) { + m_log.warn("skipping GSSAPIAttribute, id of REMOTE_USER is a reserved name"); + child = XMLHelper::getNextSiblingElement(child, shibspconstants::SHIB2ATTRIBUTEMAP_NS, GSSAPIAttribute); + continue; + } + + // Fetch/create the map entry and see if it's a duplicate rule. + auto_ptr_char attrname(name); + Rule& decl = m_attrMap[attrname.get()]; + if (!decl.ids.empty()) { + m_log.warn("skipping duplicate GSS-API Attribute mapping (same name)"); + child = XMLHelper::getNextSiblingElement(child, shibspconstants::SHIB2ATTRIBUTEMAP_NS, GSSAPIAttribute); + continue; + } + + m_log.info("creating mapping for GSS-API Attribute %s", attrname.get()); + + decl.ids.push_back(id.get()); + m_attributeIds.push_back(id.get()); + + name = child->getAttributeNS(nullptr, _aliases); + if (name && *name) { + auto_ptr_char aliases(name); + string dup(aliases.get()); + set new_aliases; + split(new_aliases, dup, is_space(), algorithm::token_compress_on); + set::iterator ru = new_aliases.find("REMOTE_USER"); + if (ru != new_aliases.end()) { + m_log.warn("skipping alias, REMOTE_USER is a reserved name"); + new_aliases.erase(ru); + } + m_attributeIds.insert(m_attributeIds.end(), new_aliases.begin(), new_aliases.end()); + } + + decl.authenticated = XMLHelper::getAttrBool(child, true, _authenticated); + decl.binary = XMLHelper::getAttrBool(child, false, _binary); + string delim = XMLHelper::getAttrString(child, "", _scopeDelimiter); + if (!delim.empty()) + decl.scopeDelimiter = delim[0]; + + child = XMLHelper::getNextSiblingElement(child, shibspconstants::SHIB2ATTRIBUTEMAP_NS, GSSAPIAttribute); + } +} + +void GSSAPIExtractorImpl::extractAttributes(gss_name_t initiatorName, vector& attributes) const +{ + OM_uint32 minor; + gss_buffer_set_t attrnames = GSS_C_NO_BUFFER_SET; + OM_uint32 major = gss_inquire_name(&minor, initiatorName, nullptr, nullptr, &attrnames); + if (major == GSS_S_COMPLETE) { + for (size_t i = 0; i < attrnames->count; ++i) { + extractAttributes(initiatorName, &attrnames->elements[i], attributes); + } + gss_release_buffer_set(&minor, &attrnames); + } + else { + m_log.warn("unable to extract attributes, GSS name attribute inquiry failed (%u:%u)", major, minor); + } +} + +void GSSAPIExtractorImpl::extractAttributes( + gss_name_t initiatorName, gss_buffer_t namingAttribute, vector& attributes + ) const +{ + // First we have to determine if this GSS attribute is something we recognize. + string attrname(reinterpret_cast(namingAttribute->value), namingAttribute->length); + map::const_iterator rule = m_attrMap.find(attrname); + if (rule == m_attrMap.end()) { + m_log.info("skipping unmapped GSS-API attribute: %s", attrname.c_str()); + return; + } + + vector values; + + OM_uint32 major,minor; + int authenticated=-1,more=-1; + do { + gss_buffer_desc buf = GSS_C_EMPTY_BUFFER; + major = gss_get_name_attribute( + &minor, initiatorName, namingAttribute, &authenticated, nullptr, &buf, nullptr, &more + ); + if (major == GSS_S_COMPLETE) { + if (rule->second.authenticated && !authenticated) { + m_log.warn("skipping unauthenticated GSS-API attribute: %s", attrname.c_str()); + gss_release_buffer(&minor, &buf); + return; + } + if (buf.length) { + values.push_back(string(reinterpret_cast(buf.value), buf.length)); + } + gss_release_buffer(&minor, &buf); + } + else { + m_log.warn("error obtaining values for GSS-API attribute (%s): %u:%u", attrname.c_str(), major, minor); + } + } while (major == GSS_S_COMPLETE && more); + + if (values.empty()) + return; + + if (rule->second.scopeDelimiter && !rule->second.binary) { + auto_ptr scoped(new ScopedAttribute(rule->second.ids, rule->second.scopeDelimiter)); + vector< pair >& dest = scoped->getValues(); + for (vector::const_iterator v = values.begin(); v != values.end(); ++v) { + const char* value = v->c_str(); + const char* scope = strchr(value, rule->second.scopeDelimiter); + if (scope) { + if (*(scope+1)) + dest.push_back(pair(v->substr(0, scope-value), scope + 1)); + else + m_log.warn("ignoring unscoped value"); + } + else { + m_log.warn("ignoring unscoped value"); + } + } + if (!scoped->getValues().empty()) { + attributes.push_back(scoped.get()); + scoped.release(); + } + } + else if (rule->second.binary) { + auto_ptr binary(new BinaryAttribute(rule->second.ids)); + binary->getValues() = values; + attributes.push_back(binary.get()); + binary.release(); + } + else { + auto_ptr simple(new SimpleAttribute(rule->second.ids)); + simple->getValues() = values; + attributes.push_back(simple.get()); + simple.release(); + } +} + +void GSSAPIExtractor::extractAttributes( + const Application& application, const RoleDescriptor* issuer, const XMLObject& xmlObject, vector& attributes + ) const +{ + if (!m_impl) + return; + + static const XMLCh _GSSAPIContext[] = UNICODE_LITERAL_13(G,S,S,A,P,I,C,o,n,t,e,x,t); + static const XMLCh _GSSAPIName[] = UNICODE_LITERAL_10(G,S,S,A,P,I,N,a,m,e); + + if (!XMLString::equals(xmlObject.getElementQName().getLocalPart(), _GSSAPIContext) + && !XMLString::equals(xmlObject.getElementQName().getLocalPart(), _GSSAPIName) + ) { + m_log.debug("unable to extract attributes, unknown XML object type: %s", xmlObject.getElementQName().toString().c_str()); + return; + } + + const XMLCh* encodedWide = xmlObject.getTextContent(); + if (!encodedWide || !*encodedWide) { + m_log.warn("unable to extract attributes, GSSAPI element had no text content"); + return; + } + + xsecsize_t x; + OM_uint32 major,minor; + auto_ptr_char encoded(encodedWide); + + gss_name_t srcname; + gss_ctx_id_t gss = GSS_C_NO_CONTEXT; + + XMLByte* decoded=Base64::decode(reinterpret_cast(encoded.get()), &x); + if (decoded) { + gss_buffer_desc importbuf; + importbuf.length = x; + importbuf.value = decoded; + if (XMLString::equals(xmlObject.getElementQName().getLocalPart(), _GSSAPIName)) { +#ifdef HAVE_GSSAPI_COMPOSITE_NAME + major = gss_import_name(&minor, &importbuf, GSS_C_NT_EXPORT_NAME_COMPOSITE, &srcname); +#else + major = gss_import_name(&minor, &importbuf, GSS_C_NT_EXPORT_NAME, &srcname); +#endif + if (major == GSS_S_COMPLETE) { + m_impl->extractAttributes(srcname, attributes); + gss_release_name(&minor, &srcname); + } + else { + m_log.warn("unable to extract attributes, GSS name import failed (%u:%u)", major, minor); + } + // We fall through here down to the GSS context check, which will exit us. + } + else { + major = gss_import_sec_context(&minor, &importbuf, &gss); + if (major != GSS_S_COMPLETE) { + m_log.warn("unable to extract attributes, GSS context import failed (%u:%u)", major, minor); + gss = GSS_C_NO_CONTEXT; + } + } +#ifdef SHIBSP_XERCESC_HAS_XMLBYTE_RELEASE + XMLString::release(&decoded); +#else + XMLString::release((char**)&decoded); +#endif + } + else { + m_log.warn("unable to extract attributes, base64 decode of GSSAPI context or name failed"); + } + + if (gss == GSS_C_NO_CONTEXT) { + return; + } + + // Extract the initiator name from the context. + major = gss_inquire_context(&minor, gss, &srcname, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr); + if (major == GSS_S_COMPLETE) { + m_impl->extractAttributes(srcname, attributes); + gss_release_name(&minor, &srcname); + } + else { + m_log.warn("unable to extract attributes, GSS initiator name extraction failed (%u:%u)", major, minor); + } + + gss_delete_sec_context(&minor, &gss, GSS_C_NO_BUFFER); +} + +pair GSSAPIExtractor::background_load() +{ + // Load from source using base class. + pair raw = ReloadableXMLFile::load(); + + // If we own it, wrap it. + XercesJanitor docjanitor(raw.first ? raw.second->getOwnerDocument() : nullptr); + + scoped_ptr impl(new GSSAPIExtractorImpl(raw.second, m_log)); + + // If we held the document, transfer it to the impl. If we didn't, it's a no-op. + impl->setDocument(docjanitor.release()); + + // Perform the swap inside a lock. + if (m_lock) + m_lock->wrlock(); + SharedLock locker(m_lock, false); + m_impl.swap(impl); + + return make_pair(false,(DOMElement*)nullptr); +} + +#endif diff -Nru shibboleth-sp2-2.4.3+dfsg/plugins/Makefile.am shibboleth-sp2-2.5.2+dfsg/plugins/Makefile.am --- shibboleth-sp2-2.4.3+dfsg/plugins/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/plugins/Makefile.am 2012-07-23 20:08:22.000000000 +0000 @@ -0,0 +1,36 @@ +AUTOMAKE_OPTIONS = foreign + +plugindir = $(libdir)/@PACKAGE_NAME@ +plugin_LTLIBRARIES = plugins.la plugins-lite.la + +noinst_HEADERS = \ + internal.h + +common_sources = \ + plugins.cpp \ + TimeAccessControl.cpp + +plugins_la_SOURCES = \ + ${common_sources} \ + CaseFoldingAttributeResolver.cpp \ + GSSAPIAttributeExtractor.cpp \ + TemplateAttributeResolver.cpp \ + TransformAttributeResolver.cpp + +plugins_lite_la_SOURCES = \ + ${common_sources} + +plugins_la_LIBADD = $(XMLSEC_LIBS) \ + $(top_builddir)/shibsp/libshibsp.la + +plugins_lite_la_LIBADD = $(LITE_LIBS) \ + $(top_builddir)/shibsp/libshibsp-lite.la + +plugins_la_LDFLAGS = -module -avoid-version +plugins_lite_la_LDFLAGS = -module -avoid-version +plugins_lite_la_CPPFLAGS = -DSHIBSP_LITE + +install-data-hook: + for la in $(plugin_LTLIBRARIES) ; do rm -f $(DESTDIR)$(plugindir)/$$la ; done + +EXTRA_DIST = plugins.vcxproj resource.h plugins.rc diff -Nru shibboleth-sp2-2.4.3+dfsg/plugins/Makefile.in shibboleth-sp2-2.5.2+dfsg/plugins/Makefile.in --- shibboleth-sp2-2.4.3+dfsg/plugins/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/plugins/Makefile.in 2013-06-16 22:06:21.000000000 +0000 @@ -0,0 +1,715 @@ +# Makefile.in generated by automake 1.12.6 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2012 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = plugins +DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(top_srcdir)/build-aux/depcomp +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ + $(top_srcdir)/m4/acx_pthread.m4 $(top_srcdir)/m4/boost.m4 \ + $(top_srcdir)/m4/doxygen.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h \ + $(top_builddir)/shibsp/config_pub.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(plugin_LTLIBRARIES) +am__DEPENDENCIES_1 = +plugins_lite_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(top_builddir)/shibsp/libshibsp-lite.la +am__objects_1 = plugins_lite_la-plugins.lo \ + plugins_lite_la-TimeAccessControl.lo +am_plugins_lite_la_OBJECTS = $(am__objects_1) +plugins_lite_la_OBJECTS = $(am_plugins_lite_la_OBJECTS) +plugins_lite_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \ + $(CXXFLAGS) $(plugins_lite_la_LDFLAGS) $(LDFLAGS) -o $@ +plugins_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(top_builddir)/shibsp/libshibsp.la +am__objects_2 = plugins.lo TimeAccessControl.lo +am_plugins_la_OBJECTS = $(am__objects_2) \ + CaseFoldingAttributeResolver.lo GSSAPIAttributeExtractor.lo \ + TemplateAttributeResolver.lo TransformAttributeResolver.lo +plugins_la_OBJECTS = $(am_plugins_la_OBJECTS) +plugins_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \ + $(CXXFLAGS) $(plugins_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -I$(top_builddir)/shibsp +depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) +LTCXXCOMPILE = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) +CXXLD = $(CXX) +CXXLINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CXXLD) $(AM_CXXFLAGS) $(CXXFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(plugins_lite_la_SOURCES) $(plugins_la_SOURCES) +DIST_SOURCES = $(plugins_lite_la_SOURCES) $(plugins_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +HEADERS = $(noinst_HEADERS) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +APR1_CONFIG = @APR1_CONFIG@ +APR_CONFIG = @APR_CONFIG@ +APU1_CONFIG = @APU1_CONFIG@ +APU_CONFIG = @APU_CONFIG@ +APXS = @APXS@ +APXS2 = @APXS2@ +APXS22 = @APXS22@ +APXS22_CFLAGS = @APXS22_CFLAGS@ +APXS22_INCLUDE = @APXS22_INCLUDE@ +APXS24 = @APXS24@ +APXS24_CFLAGS = @APXS24_CFLAGS@ +APXS24_INCLUDE = @APXS24_INCLUDE@ +APXS2_CFLAGS = @APXS2_CFLAGS@ +APXS2_INCLUDE = @APXS2_INCLUDE@ +APXS_CFLAGS = @APXS_CFLAGS@ +APXS_INCLUDE = @APXS_INCLUDE@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BOOST_CPPFLAGS = @BOOST_CPPFLAGS@ +BOOST_ROOT = @BOOST_ROOT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DISTCHECK_CONFIGURE_FLAGS = @DISTCHECK_CONFIGURE_FLAGS@ +DLLTOOL = @DLLTOOL@ +DOXYGEN_PAPER_SIZE = @DOXYGEN_PAPER_SIZE@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +DX_CONFIG = @DX_CONFIG@ +DX_DOCDIR = @DX_DOCDIR@ +DX_DOT = @DX_DOT@ +DX_DOXYGEN = @DX_DOXYGEN@ +DX_DVIPS = @DX_DVIPS@ +DX_EGREP = @DX_EGREP@ +DX_ENV = @DX_ENV@ +DX_FLAG_chi = @DX_FLAG_chi@ +DX_FLAG_chm = @DX_FLAG_chm@ +DX_FLAG_doc = @DX_FLAG_doc@ +DX_FLAG_dot = @DX_FLAG_dot@ +DX_FLAG_html = @DX_FLAG_html@ +DX_FLAG_man = @DX_FLAG_man@ +DX_FLAG_pdf = @DX_FLAG_pdf@ +DX_FLAG_ps = @DX_FLAG_ps@ +DX_FLAG_rtf = @DX_FLAG_rtf@ +DX_FLAG_xml = @DX_FLAG_xml@ +DX_HHC = @DX_HHC@ +DX_LATEX = @DX_LATEX@ +DX_MAKEINDEX = @DX_MAKEINDEX@ +DX_PDFLATEX = @DX_PDFLATEX@ +DX_PERL = @DX_PERL@ +DX_PROJECT = @DX_PROJECT@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FASTCGI_INCLUDE = @FASTCGI_INCLUDE@ +FASTCGI_LDFLAGS = @FASTCGI_LDFLAGS@ +FASTCGI_LIBS = @FASTCGI_LIBS@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LITE_LIBS = @LITE_LIBS@ +LN_S = @LN_S@ +LOG4CPP_CONFIG = @LOG4CPP_CONFIG@ +LOG4SHIB_CONFIG = @LOG4SHIB_CONFIG@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MEMCACHED_INCLUDE = @MEMCACHED_INCLUDE@ +MEMCACHED_LDFLAGS = @MEMCACHED_LDFLAGS@ +MEMCACHED_LIBS = @MEMCACHED_LIBS@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NSAPI_INCLUDE = @NSAPI_INCLUDE@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +ODBC_CFLAGS = @ODBC_CFLAGS@ +ODBC_CONFIG = @ODBC_CONFIG@ +ODBC_LIBS = @ODBC_LIBS@ +OPENSAMLXMLDIR = @OPENSAMLXMLDIR@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CC = @PTHREAD_CC@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LIBS = @PTHREAD_LIBS@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +WANT_SUBDIRS = @WANT_SUBDIRS@ +XMLSEC_LIBS = @XMLSEC_LIBS@ +XMLTOOLINGXMLDIR = @XMLTOOLINGXMLDIR@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +acx_pthread_config = @acx_pthread_config@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +xs = @xs@ +AUTOMAKE_OPTIONS = foreign +plugindir = $(libdir)/@PACKAGE_NAME@ +plugin_LTLIBRARIES = plugins.la plugins-lite.la +noinst_HEADERS = \ + internal.h + +common_sources = \ + plugins.cpp \ + TimeAccessControl.cpp + +plugins_la_SOURCES = \ + ${common_sources} \ + CaseFoldingAttributeResolver.cpp \ + GSSAPIAttributeExtractor.cpp \ + TemplateAttributeResolver.cpp \ + TransformAttributeResolver.cpp + +plugins_lite_la_SOURCES = \ + ${common_sources} + +plugins_la_LIBADD = $(XMLSEC_LIBS) \ + $(top_builddir)/shibsp/libshibsp.la + +plugins_lite_la_LIBADD = $(LITE_LIBS) \ + $(top_builddir)/shibsp/libshibsp-lite.la + +plugins_la_LDFLAGS = -module -avoid-version +plugins_lite_la_LDFLAGS = -module -avoid-version +plugins_lite_la_CPPFLAGS = -DSHIBSP_LITE +EXTRA_DIST = plugins.vcxproj resource.h plugins.rc +all: all-am + +.SUFFIXES: +.SUFFIXES: .cpp .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign plugins/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign plugins/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +plugins-lite.la: $(plugins_lite_la_OBJECTS) $(plugins_lite_la_DEPENDENCIES) $(EXTRA_plugins_lite_la_DEPENDENCIES) + $(plugins_lite_la_LINK) -rpath $(plugindir) $(plugins_lite_la_OBJECTS) $(plugins_lite_la_LIBADD) $(LIBS) +plugins.la: $(plugins_la_OBJECTS) $(plugins_la_DEPENDENCIES) $(EXTRA_plugins_la_DEPENDENCIES) + $(plugins_la_LINK) -rpath $(plugindir) $(plugins_la_OBJECTS) $(plugins_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/CaseFoldingAttributeResolver.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/GSSAPIAttributeExtractor.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/TemplateAttributeResolver.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/TimeAccessControl.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/TransformAttributeResolver.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plugins.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plugins_lite_la-TimeAccessControl.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plugins_lite_la-plugins.Plo@am__quote@ + +.cpp.o: +@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ $< + +.cpp.obj: +@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.cpp.lo: +@am__fastdepCXX_TRUE@ $(LTCXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LTCXXCOMPILE) -c -o $@ $< + +plugins_lite_la-plugins.lo: plugins.cpp +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(plugins_lite_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT plugins_lite_la-plugins.lo -MD -MP -MF $(DEPDIR)/plugins_lite_la-plugins.Tpo -c -o plugins_lite_la-plugins.lo `test -f 'plugins.cpp' || echo '$(srcdir)/'`plugins.cpp +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/plugins_lite_la-plugins.Tpo $(DEPDIR)/plugins_lite_la-plugins.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='plugins.cpp' object='plugins_lite_la-plugins.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(plugins_lite_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o plugins_lite_la-plugins.lo `test -f 'plugins.cpp' || echo '$(srcdir)/'`plugins.cpp + +plugins_lite_la-TimeAccessControl.lo: TimeAccessControl.cpp +@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(plugins_lite_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT plugins_lite_la-TimeAccessControl.lo -MD -MP -MF $(DEPDIR)/plugins_lite_la-TimeAccessControl.Tpo -c -o plugins_lite_la-TimeAccessControl.lo `test -f 'TimeAccessControl.cpp' || echo '$(srcdir)/'`TimeAccessControl.cpp +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/plugins_lite_la-TimeAccessControl.Tpo $(DEPDIR)/plugins_lite_la-TimeAccessControl.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='TimeAccessControl.cpp' object='plugins_lite_la-TimeAccessControl.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(plugins_lite_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o plugins_lite_la-TimeAccessControl.lo `test -f 'TimeAccessControl.cpp' || echo '$(srcdir)/'`TimeAccessControl.cpp + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +cscopelist: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(HEADERS) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-data-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-pluginLTLIBRARIES cscopelist ctags \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-hook install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pluginLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-pluginLTLIBRARIES + + +install-data-hook: + for la in $(plugin_LTLIBRARIES) ; do rm -f $(DESTDIR)$(plugindir)/$$la ; done + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru shibboleth-sp2-2.4.3+dfsg/plugins/TemplateAttributeResolver.cpp shibboleth-sp2-2.5.2+dfsg/plugins/TemplateAttributeResolver.cpp --- shibboleth-sp2-2.4.3+dfsg/plugins/TemplateAttributeResolver.cpp 1970-01-01 00:00:00.000000000 +0000 +++ shibboleth-sp2-2.5.2+dfsg/plugins/TemplateAttributeResolver.cpp 2012-07-23 20:08:22.000000000 +0000 @@ -0,0 +1,226 @@ +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. + * + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. + */ + +/** + * TemplateAttributeResolver.cpp + * + * AttributeResolver plugin for composing input values. + */ + +#include "internal.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +using namespace shibsp; +using namespace xmltooling; +using namespace xercesc; +using namespace boost; +using namespace std; + +namespace shibsp { + + class SHIBSP_DLLLOCAL TemplateContext : public ResolutionContext + { + public: + TemplateContext(const vector* attributes) : m_inputAttributes(attributes) { + } + + ~TemplateContext() { + for_each(m_attributes.begin(), m_attributes.end(), xmltooling::cleanup()); + } + + const vector* getInputAttributes() const { + return m_inputAttributes; + } + vector& getResolvedAttributes() { + return m_attributes; + } + vector& getResolvedAssertions() { + return m_assertions; + } + + private: + const vector* m_inputAttributes; + vector m_attributes; + static vector m_assertions; // empty dummy + }; + + + class SHIBSP_DLLLOCAL TemplateAttributeResolver : public AttributeResolver + { + public: + TemplateAttributeResolver(const DOMElement* e); + virtual ~TemplateAttributeResolver() {} + + Lockable* lock() { + return this; + } + void unlock() { + } + + ResolutionContext* createResolutionContext( + const Application& application, + const opensaml::saml2md::EntityDescriptor* issuer, + const XMLCh* protocol, + const opensaml::saml2::NameID* nameid=nullptr, + const XMLCh* authncontext_class=nullptr, + const XMLCh* authncontext_decl=nullptr, + const vector* tokens=nullptr, + const vector* attributes=nullptr + ) const { + // Make sure new method gets run. + return createResolutionContext(application, nullptr, issuer, protocol, nameid, authncontext_class, authncontext_decl, tokens, attributes); + } + + ResolutionContext* createResolutionContext( + const Application& application, + const GenericRequest* request, + const opensaml::saml2md::EntityDescriptor* issuer, + const XMLCh* protocol, + const opensaml::saml2::NameID* nameid=nullptr, + const XMLCh* authncontext_class=nullptr, + const XMLCh* authncontext_decl=nullptr, + const vector* tokens=nullptr, + const vector* attributes=nullptr + ) const { + return new TemplateContext(attributes); + } + + ResolutionContext* createResolutionContext(const Application& application, const Session& session) const { + return new TemplateContext(&session.getAttributes()); + } + + void resolveAttributes(ResolutionContext& ctx) const; + + void getAttributeIds(vector& attributes) const { + attributes.push_back(m_dest.front()); + } + + private: + Category& m_log; + string m_template; + vector m_sources,m_dest; + }; + + static const XMLCh dest[] = UNICODE_LITERAL_4(d,e,s,t); + static const XMLCh _sources[] = UNICODE_LITERAL_7(s,o,u,r,c,e,s); + static const XMLCh Template[] = UNICODE_LITERAL_8(T,e,m,p,l,a,t,e); + + AttributeResolver* SHIBSP_DLLLOCAL TemplateAttributeResolverFactory(const DOMElement* const & e) + { + return new TemplateAttributeResolver(e); + } + +}; + +vector TemplateContext::m_assertions; + +TemplateAttributeResolver::TemplateAttributeResolver(const DOMElement* e) + : m_log(Category::getInstance(SHIBSP_LOGCAT".AttributeResolver.Template")), + m_dest(1, XMLHelper::getAttrString(e, nullptr, dest)) +{ + if (m_dest.front().empty()) + throw ConfigurationException("Template AttributeResolver requires dest attribute."); + + string s(XMLHelper::getAttrString(e, nullptr, _sources)); + split(m_sources, s, is_space(), algorithm::token_compress_on); + if (m_sources.empty()) + throw ConfigurationException("Template AttributeResolver requires sources attribute."); + + e = e ? XMLHelper::getFirstChildElement(e, Template) : nullptr; + auto_ptr_char t(e ? e->getTextContent() : nullptr); + if (t.get()) { + m_template = t.get(); + trim(m_template); + } + if (m_template.empty()) + throw ConfigurationException("Template AttributeResolver requires